Work from Home and the Importance of Cyber Security Strategies
Technology - May 04, 2020
The COVID-19 crisis has brought upon an unprecedented situation for our digital workforce. Businesses have been forced to move their operations online and "work from home" is becoming the new normal. Widescale lockdown and social distancing norms are expected to last for a long time and therefore, concrete strategies and protocols with respect to 'work from home' are an urgent need of the hour.
Companies are working on developing such effective strategies which can ensure business continuity and efficiency. The strategies should be devised considering the following attributes in mind:
a. Companies should expand access for its employees in order to accommodate the rapid expansion of remote workers.
b. Companies should investigate new access methods and identity firms should ramp up their R&D to cope up with the explosion in demand.
c. It is now time for companies to reimagine their infrastructure and invest more in Cloud, Conferencing and Security. The objective is to create an agile, efficient and secure workplace.
Security is at the heart of everything!
Security ramifications are going to be a big part of this new strategy as different sectors (and not just IT) adopt the "work from home" model for their employees. It is very much possible that the IT infrastructure within these organizations isn't very advanced and considering the need of the hour and sensitivity of organizational data; perhaps the first place such companies should invest is IT security. The case of Zoom is a prime example. As workplace switched to remote, the demand for video conferencing exploded. However, Zoom was not able to ramp up its security and there were several cases of privacy breaches. This raised the red flag and many organizations and governments banned the Zoom platform for their employees. This is a classic case of why IT security should be the topmost priority as companies move into the remote model.
The IT security can be procured from cybersecurity vendors but deploying security also involves an efficient IT security strategy and this strategy has many attributes. The key ones are listed below:
1) Companies should start moving their existing workloads from the local datacenters to Cloud.
2) Companies should start adopting SaaS based applications to handle the operations
3) The identity governance which includes employee's access privileges should be improved and made more secure in order to meet the high demand.
4) The remote access privileges should also be expanded to mobile with employees using the mobile version of necessary enterprise apps to stay updated and ensure business continuity.
5) Companies should start looking into Zero Trust access management tools in order to tackle modern IT threat-scape. These are more secure than the traditional VPN.
How can you secure your remote workplace?
The following points and the instructions alongside might be useful as you step up the IT security for your workplace.
a. Training: -Keeping your employees aware of the evolving cybersecurity threats is of paramount importance. Training can enable employees make informed and responsible decisions in the times of crisis. Nevertheless, training isn't all; companies should send daily reminders and tips to their employees so that proper guidelines remain at their fingertips. In addition to the basics as described above, organizations should also consider the following:
- Document the do's and don’ts about remote access.
- Inform the employees about conferencing and collaboration tools to facilitate meetings.
-Provide guidance on approved applications, permitted downloads and ensure that strict adherence is observed.
b. Endpoint security: Companies should ensure that endpoint security applications are installed in every device the employee is using for remote access. This also include mobiles which an employee uses to access his/her emails and conferencing apps. It is also important to establish a minimum standard before access to necessary information is provided. In addition, companies should also be flexible in determining the level of access for different employees. Not every data should be opened for access and not every data should be closed. Proper gateways must be put in place by which the process of data access is streamlined and monitored.
c. Identity & Access Management: The importance of a strong and stable access and identity management system cannot be overstated. The following attributes for the access and identity management must be kept in place:
- Single Sign-on (SSO) dashboard for application distribution.
-Leverage multifactor authentication feature.
-Expand monitoring and create logs to measure security. Generate real time reports to detect possible breaches.
d. Security Operations: A collaborative effort between security and operations teams are required to ensure that enhanced security measures go hand in hand with business agility. Security Operations (SecOps) consists of tools and technology which achieve this goal.
Amidst the pandemic, our digital workplace is seeing a revolution in terms of scale and demand. Companies are rushing to adopt innovative enterprise software that can efficiently enable their workforce to work from home. The demand has skyrocketed and despite the rush, companies should understand that they need to first give priority to cybersecurity strategies; else they will be putting their data and business at serious risk.