|Most organisations have now realised there is a major security risk when it comes to remote working.
The Coronavirus has changed professional experience, & IT security faces challenges unimaginable just a few short months ago.
Companies must learn lessons & apply them to a more permanent better model for their remote working.
In a recent survey for Tanium, most companies said they felt prepared to move to a fully remote workforce (83%), but 98% of them said they faced security issues from this.
Issues included identifying new devices on the network, excessive VPN traffic & video conferencing &, say 92% of responses, a growing number of cyber-attacks made this worse.
“For the most part, the attacks have been less successful against companies who already have a mature work-from-home capability,” he went on to say.
The CISO for a bank commented that organisations such as theirs were well prepared for home working, because its services were already cloud-based, thus staff could relocate anywhere they had a good broadband connection. He contrasted this with other organisations in the middle of migrating to cloud IT, or still very reliant on on-premises, ‘legacy’ servers.
A big challenge in the transition has been communications, & business has become reliant on employees’ home IT. As Nick Ioannou, Security Consultant at Boolean Logical, remarked. “Not everyone may have a company mobile or even have a good mobile signal. VOIP & other host telephone systems are useless if the home internet is having issues – together with fix lead times of over a week.”
Companies have had to teach staff how to make home networks safe, & segregate the usage of their devices, among matters, as Zsuzsanna Berenyi, Head of Cyber Security awareness & culture at the LSEG, explained: “You need to show them how to secure their routers & set-up separate networks for work & children, as well as remind them not to share devices with children or partners.”
Another important message organisations need to give their staff, is ‘vigilance’. “We are at home, a little more vulnerable, with more distractions from children & the postman,” Berenyi said. “Our attention tends to go to different things, more than just the work environment.”
Ioannou further remarked that organisations needed to pay ‘particular attention’ to data protection. “I would guess that a lot of GDPR-related personal information is now on a vast number of unknown systems,” he commented. “Every business will be different, depending on how staff are accessing business data.”
While cyber-attackers have seen Covid-19 as an opportunity to launch yet more attacks against organisations, it has also been an opportunity for organisations to upgrade their security practices.
Tanium’s survey discovered that cyber-security has a new focus: most organisations report cyber-security is a priority (69%) for remote-working, ahead of avoiding business disruption (14%) & protecting intellectual property (17%) – a welcome boost for our sector & industry.
Starnes explained “Many companies have been forced into working from home. This doesn’t make for a well thought-out, well-executed transition; but, many will now be in a better position to realise the benefits for the company & its employees.”
“Properly executed, a work-from-home strategy will not extensively change the security profile of most companies. ‘Properly executed’, being the operative phrase.”
The bank CISO said lockdown had increased the rate of cloud migration. “Organisations are now moving into cloud because they know they can ramp up & down their operations as needed. This has provided the focus for something that’s been there for a while, but as more of a long-term aim than an immediate plan to make the jump to public facing cloud infrastructure,”. “Now they just have to do it.”
Berenyi observed that although remote working was forced upon organisations, staff have not just shown they can work well from home, but has also allowed cyber-security specialists to show too they can do it securely.
Home-working due to the pandemic has caused an ‘epidemic’ of cyber-attacks, but due to cyber-security practices & the vigilance of staff, it appears it will remain an aspect of professional life for ‘the duration’.
Google releases new updates:- iOS apps & online services to support WebAuthn – capable security keys
Two of the world’s largest ‘tech’ organisations have now decided to merge their efforts to support hardware security keys & devices that create unique cryptographic