Efforts to manage the COVID-19 pandemic have forced enterprises to rapidly adapt to new working models. Virtual meetings, live streaming, automated customer assistance, business intelligence driven by machine learning, online education, etc., have become the new normal almost overnight. However, in this rush to adapt, many companies are neglecting both their risks and change management processes.
Speaking to CXOToday, Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams, said that now that many employees have shifted to remote work — in addition to organizations being distracted trying to handle the virus — security and risk management teams need to be more vigilant than ever.
The key challenge is that businesses are lagging behind in protecting assets from cyberattacks. Out of 2,000 new pandemic-forced remote workers surveyed in a recent IBM report, 45% said they had not received any additional security training since going remote. More than two-thirds of global companies in another recent IDC report also said they were struggling to strike the right balance between flexibility and security for remote employees.
“While security is in itself a basic principle, many enterprises have not received the message that cybersecurity has to be the immediate and primary focus of their strategic business agendas. These errors in judgment are why so many companies have become victims of ransomware, social engineering, or DDoS attacks during COVID-19,” said the security researcher at NordVPN Teams.
Towards that end, here is a bucket list for CISOs who will not only have to protect their organizations in remote settings, but will also need to make cybersecurity an integral part of their plans to deliver business value.
Ensure employees are aware of the risks. This is especially applicable for unprotected networks and computers and insecure group video calls. The CISO and his team must help them to understand the critical role their diligence plays in protecting the company during these troubled times.
Educate your team on key cyber risks. Cyber criminals are attacking home networks that simply aren’t as robust or well-protected as enterprise networks. CISOs can take charge of extending realistic training to employees so they can learn how to spot threats and be an effective first line of defense for their companies.
Secure Web traffic through multifactor authentication and VPNs. When employees are working in a network environment, securing the traffic from different sources becomes a key concern. For example, businesses should mandate two-factor authentication logins and put in measures to ensure employees’ internet traffic is properly encrypted. CISOs must ensure that employees connect to cloud services via HTTPS/HSTS only and use a reputable VPN.
Maintain an accurate inventory of assets. This maps out what devices and applications can access sensitive information, which is critical during remote work. It enables security experts to monitor key attack vectors such as unpatched software, reused passwords or unsecured devices, even when outside a secure office network.
Adopt a cloud-based data protection service. Today’s remote workplace highlights the need for always-on security, where data is encrypted, protected and accessible everywhere. Enterprises should adopt a secure, globally consolidated data protection service in the cloud that protects data within a private cloud, public cloud and SaaS environments.
Update operating systems and software. Security works best when implemented in multiple layers. For remote workers, this means employing security practices like using two-factor authentication, employing a zero-trust network strategy and using an operating system that is secure by design. Last but not least, update users’ operating systems and software on a daily basis.
Set up end-to-end encryption. Apart from the fundamentals, such as the use of stronger passwords, two-step authentication, etc., you should make sure that all the communication channels your team members use are end-to-end encrypted. Video conferences, audio calls, text or multimedia messages, email, etc. all need to be encrypted from end to end.
“As COVID-19 has set a new baseline for effective and secure remote work, we should assume that many organizations will continue to utilize remote workforces after the pandemic ends,” Gurinaviciute said. In other words, she believes, if you have 5,000 employees, you now have 5,000 remote offices to protect. The bandwidth has increased dramatically, and there’s really no time to waste.
While no network is immune to attacks, a stable and efficient network security system is essential for protecting data, something CISOs should take note of to secure today’s remote workplace.