By Manoj Bhatt, Head of Cyber Security Advisory and Consulting, Telstra Purple – EMEA
With the onset of the Covid-19 pandemic, working from home has become the new business normal. Despite the requisite technology and tools being available for years, it has only been in recent months that Australian organisations started remote working at scale – prompted by workplace health and safety considerations as well as legal requirements to minimise the spread of infection.
Almost nine in ten (88%) companies globally have encouraged or required employees to work from home due to coronavirus, according to Gartner.
But most employees’ home technology wasn’t designed to support enterprise use cases, particularly when all members of the household go online at the same time. And the speed and urgency of the migration to home working during a pandemic has been a wake-up call for both employees and employers alike.
Against this backdrop, what are the ways that organisations can continue to optimise their infrastructure and empower their people to work securely and productively in the future from their living rooms, home offices and kitchens?
Lesson: Minimise uncertainty and complexity now, but also consider your long-term needs
The middle of a pandemic is not the time to go with the untried or the untested. The key to enabling secure remote working at scale and at speed is reducing uncertainty and complexity wherever possible.
- We’re seeing many organisations use VPNs to enable secure tunnelling. That provides a level of secure connectivity so companies can trust users who would normally not be able to access critical apps on a home Wi-Fi network, for example.
- Make sure your systems are fully patched and there are systems in place to monitor access and potential breaches. Ensure security logs are available to your security monitoring teams so that there are more eyes looking out for issues.
- And finally, be aware of device management options through endpoint security services. You can disable USB ports on laptops or mandate malware protection on tablets or phones to reduce the risk of a security breach. Notably, we have seen a significant uptake in endpoint detection and remediation to isolate infected endpoints.
Lesson: Due to scaling and lead times associated with hardware, we are seeing clients adopt cloud-based secure access solutions for rapid deployments
- Will your network and security infrastructure be able to cope in the longer term and be scalable and secure enough to continue to enable remote working post-pandemic?
- Consider your potential pain points and longer-term way of working, and explore other technologies such as Secure Access Service Edge (SASE), Zero Trust Network Access and Software Defined Perimeter (SDP).
- These are effectively the evolution of VPNs, helping organisations move away from connecting networks to networks and towards connecting users to applications.
Lesson: Identify and authenticate
With most people owning multiple devices and accounts across different service providers, it’s impossible to monitor and manage each individual. The ability to identify and authenticate your users is a vital first step to mitigating those risks.
- Instead of relying solely on usernames and passwords, which can be hacked or stolen, use multi-factor authentication for an added layer of security.
- Monitor user behaviour where possible, to promote a security-focused mindset. If a user logs in across multiple devices in different locations, your software should be able to flag it as suspicious activity.
- Have a quick fix at hand to pre-empt any security incidents – for example, using your cloud infrastructure and SaaS solutions as a central source of identity can let you disable accounts quickly, if necessary.
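The multi-device, multi-location check described above can be sketched as follows. This is an added example, not code from the article or from any Telstra Purple product; the event fields, the two-hour window and the sample sign-ins are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (timestamp, user, device id, country).
# Field names and values are illustrative, not from any real identity provider.
SAMPLE_EVENTS = [
    ("2020-04-06T08:55:00", "alice", "laptop-01", "AU"),
    ("2020-04-06T09:10:00", "alice", "phone-01", "AU"),    # second device, same place
    ("2020-04-06T09:40:00", "alice", "unknown-7f", "RO"),  # new device, new country
    ("2020-04-06T09:00:00", "bob", "laptop-02", "GB"),
    ("2020-04-06T18:30:00", "bob", "laptop-02", "GB"),
    ("2020-04-06T07:00:00", "carol", "laptop-03", "AU"),
    ("2020-04-06T23:30:00", "carol", "tablet-03", "SG"),   # outside the window
]

def flag_suspicious_logins(events, window=timedelta(hours=2)):
    """Return alerts for users seen on more than one device AND in more than
    one location within `window`. Each user is alerted on at most once."""
    by_user = defaultdict(list)
    for ts, user, device, country in events:
        by_user[user].append((datetime.fromisoformat(ts), device, country))

    alerts = []
    for user, logins in sorted(by_user.items()):
        logins.sort()
        start = 0
        for end in range(len(logins)):
            # Slide the window start forward until it spans at most `window`.
            while logins[end][0] - logins[start][0] > window:
                start += 1
            recent = logins[start:end + 1]
            devices = {d for _, d, _ in recent}
            countries = {c for _, _, c in recent}
            if len(devices) > 1 and len(countries) > 1:
                alerts.append({
                    "user": user,
                    "at": logins[end][0].isoformat(),
                    "devices": sorted(devices),
                    "countries": sorted(countries),
                })
                break  # one alert per user is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in flag_suspicious_logins(SAMPLE_EVENTS):
        print(alert)
```

Requiring both conditions keeps the routine case of a laptop and a phone in the same place from alerting; the window length is a tuning choice that trades missed detections against noise.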
Empowering your people to make the most of remote working
Your organisational security is only as good as the compliance of your people with established practices. And in times of such enormous change, those practices need to be reinforced regularly.
Lesson: Awareness is critical
Even the most secure infrastructure can be breached by one errant click of a phishing email. This is where building and then maintaining a high level of security awareness among your staff is even more crucial – especially at a time when security teams are seeing increased activity taking advantage of the uncertainty driven by the coronavirus.
- Training is essential at times of change so that employees are clear on what’s expected of them, and why those processes or behaviours are required.
- While it may seem like overkill, behaviour only changes when messages are delivered over and over again. Don’t forget to reinforce desired behaviours like awareness of phishing threats through regular email communication.
- Be aware that often employees will be understanding of enforced change in these circumstances. We’ve heard from a range of businesses that their people realise they have to work differently and accept both the benefits and challenges of that change.
Lesson: Balance security and productivity, and know the cyber security risks
Without a fully embedded security culture, staff can take matters into their own hands to get their work done – which can create an imbalance between productivity and security.
- The apps or services your employees rely on to do their work and to remain connected may not run at their best – or at all – when working from home. That can lead to people finding workarounds to get work done, through the use of WhatsApp, home email, or other consumer services beyond your security stack. It’s critical that you get the balance between security and productivity right to mitigate use of shadow IT.
- It’s also important to remember that staff will be unable to seek deskside support from IT teams, which can impact their ability to work. Enabling remote support is essential to ensure the user experience remains the same.
- To help you manage risk in the longer term, it’s important to consider the five ‘knows’ of cyber security: know the value of your data, know who has access to it, know where it is, know who is protecting it and know how well it is protected.
Creating a remote working culture for today – and tomorrow
The enforced adoption of remote working across the globe has seen organisations scramble to ensure security, collaboration, productivity and performance – for both IT and for people. Yet, there may also be a number of organisations that have adopted the requisite technologies while overlooking the security aspect. For these organisations, it’s imperative to review their solutions periodically to ensure they meet established security standards – or risk being vulnerable to a major security breach.
While working from home has become the norm for most people, it’s also important to remember this pandemic won’t last forever. That’s why we can begin to plan for what happens next. We have a big opportunity to get our systems and our cultures right to enable a more productive, safe and empowered business in the future.