Thanks to the current coronavirus pandemic (COVID-19), we’re all living in a new normal where masks, hand sanitizer, and social distancing have become a part of our daily routines, but the pandemic not only changed the way we live and socialize. It has also changed the way we work in major ways.
For many organizations and employees, working remotely has also become the new normal. This comes with benefits to the employee and the employer alike. Employees save time and money by avoiding a daily commute which translates to a better work-life balance and increased productivity. Employers have also realized the benefits of remote work in the form of decreased overheads and reduced absenteeism.
However, there have been drawbacks for employers as well as benefits. The greatest of these is the increased threat of cybersecurity risks to organizations.
Increased security risk from remote workers/learners
To ensure business continuity, organizations were forced to implement a remote workforce without taking the time to define and implement the necessary security protocols. IT staff may not have had the time to properly configure VPN access for workers now outside of the organization’s security perimeter.
In addition, your remote workforce now includes people who may have only previously used the internet for entertainment purposes and have no idea of the dangers that lurk in the form of cybersecurity attacks. These employees are more susceptible to the cleverly disguised cyber threats that hackers employ.
Rise in phishing and ransomware attacks
Since the outbreak of the pandemic, the FBI has received a 300% increase in reported cyber crimes like phishing and ransomware attacks. In April, Google reported blocking 18 million emails related to coronavirus scams.
The combination of inexperienced remote workers, the increased use of personal devices with BYOD policies, and weaker IT controls in the home environment have given hackers new opportunities and contributed to an increase in phishing and ransomware attacks.
Increase in hacking vulnerabilities
The move away from centralized corporate networks to more distributed home networks has removed the company’s traditional security perimeter. Cybercriminals have played on the fears and frustrations of naïve remote employees with phishing emails centered around COVID-related topics.
Attacks take various forms including phishing emails with attachments that contain malware or links that lead to fake websites for legitimate agencies like the Center for Disease Control or the World Health Organization (WHO).
Remote work will be around long after the pandemic has ended, but a widely distributed network of employees using various end-point devices makes it more difficult for IT security teams to monitor potential threats and respond to incidents in a timely manner.
So, how do you ensure that your network remains protected during and after a pandemic?
How to ensure your network is protected during and after a pandemic?
1) Perform a network security audit
A network security audit is designed to discover security vulnerabilities that are at risk of being exploited so that you can eliminate, and proactively minimize these risks and tighten your IT security plan. An assessment of your network security will ensure that your business and the data you store remain secure and protected from third-party breaches, data loss, or malware.
Check servers, and workstations, and “bring your own devices” (BYOD) to make sure that they are safe and secure and aren’t sharing sensitive data. Check VPN configurations to make sure that they are correctly configured, and audit system and data access rights granted at the start of the pandemic to determine whether they should be updated or revoked.
Regular network security audits help you to keep track of inventory and assess how well your security controls are working.
2) Reassess IT security architectures
Reevaluate the policies and controls that were adopted during the pandemic to ensure business continuity. Identify opportunities to strengthen operations for the long term, including remote support needs and security mechanisms used.
If a large part of your workforce is going to remain work-from-home employees, you may need to reassess end-to-end security and strengthen the policies defining the use of devices, applications, and processes. Devices used by employees returning to the physical office will also have to be audited to ensure that they do not bring compromised devices onto the central network.
Revisit remote video meeting and collaboration solutions and reconsider technologies that monitor and secure employee home environments. Also, look at ways to refine remote incident response capabilities.
3) Understand new security risks
In addition to pandemic-related phishing and malware attacks, COVID-19 has introduced new security risks through IoT (Internet of Things) devices in home environments and videoconferencing software to backdoor into an employee’s personal computer to access the corporate network.
The move to a distributed home network has made it more difficult for IT support to monitor and respond to security threats. As we saw with the Zoom incident at the start of the pandemic, hackers can breach video conferencing software to eavesdrop to gather information from confidential conversations.
Businesses need to have security controls in place to handle these new threats while ensuring that employees know what to do to avoid them.
Deploy more advanced technologies such as virtual desktops
The remote workforce is here to stay. Security solutions need to be scalable, adaptable, and easy to manage from a centralized location. Advanced technologies like virtual desktop solutions and cloud-based solutions can help secure your critical assets.
Cloud-based security solutions offer a broad range of security tools and technologies including antivirus protection for end-point devices, threat-prevention tools, firewalls, email security, and backup services.
Virtual desktop services allow IT support staff to provide everyday support to a distributed workforce while being able to monitor for security threats and respond to those threats in a timely manner.