As governments begin lifting emergency orders, company leaders are considering policies, technology and processes that will protect their workforces. Many of these factors rightly center around health and safety, but we must also acknowledge that all of us are still targets for cyberattacks. The new work-from-home world has poked countless holes in security perimeters, so organizations must prioritize cybersecurity preparation as well.
Going back to work securely
According to a recent (ISC)² study, 23% of cybersecurity leaders said their organization has experienced an increase in cyberattacks since employees started working from home due to COVID-19. While 50% said they believe they have been following best practices, the same security leaders also said they could be doing more to secure their remote workforces. This situation has proven that the bad guys don’t go on vacation during a crisis.
What has changed in the environment during that time? And, what changes have not been made in order to best protect it? This is the gap that CISOs are charged with filling as companies consider returning to work-as-normal.
It remains unclear when many areas around the world will reopen. As some states and counties communicate their intent to open up (or have already started to do so), the time is now for security leaders to take the steps needed to ensure the transition is secure. Here are some key factors to consider:
1. Scan for vulnerabilities
Laptops and other devices have been a huge asset for enabling employees to continue their work remotely. But while out of the office, those not connecting to the corporate network through a VPN may have not received the necessary OS, app, AV and GPO updates that they normally would. This presents a risk to organizations when those devices reconnect to the corporate networks. It may not be possible to scan all devices before they return to the network, but security leaders should consider doing this where they can – as well as preparing processes to validate devices returning to the corporate network.
2. Quarantine devices returning to corporate network
Following a zero trust model will ensure that security leaders are accounting for any potential risks that may have arisen due to remote work. Only allow devices access if they have been validated as secure. While initially quarantining devices by default may introduce some user experience and complexity challenges, in this type of scenario it is an important step to minimize risk.
3. Educate employees
Given the fast nature of the transition, there was little time to educate workers on best practices for remote work. The advantage security leaders have in transitioning back to the office is that there is plenty of time to be proactive on educating employees on best practices, as well as threats like targeted phishing attacks that may look to take advantage of the transition.
4. Prepare for those who can’t return to the office
While some employees may head to work in the coming weeks or months, that may not be possible for every employee. Some employees may have underlying health concerns that put them higher at risk, making it safer for them to stay at home, or perhaps they have children at home that need to be cared for. For CISOs, that means not only preparing for a secure return to work, but also for the possibility of needing secure long-term remote work solutions and policies.
5. Consider updating cybersecurity strategies
Finally, there is a unique opportunity during this time to reconsider cybersecurity strategies for the long term. That may include using quiet networks to baseline network activity for better understanding of anomalous activity, or rethinking security policies and procedures for remote work. In any case, leaders should take some time to step back and think about what this crisis has taught them about their organizations and any security weak points that were exposed. That information can inform strategies in the months and years to come.