While some people are heading back to the office—armed with face masks, hand sanitizer and disinfectant wipes—working from home could become a temporary or permanent option for some employees.
After all, according to an Enterprise Strategy Group (ESG) survey, 79 per cent of IT executives say their organization will be more flexible about WFH policies after the pandemic subsides. But the same survey found that one in three workers say they weren’t given the right level of instruction on how to work safely and efficiently from home.
Security and network issues top the list of remote work challenges for businesses; nearly half, or 47 per cent, have reported an increase in cyber attacks since WFH began, according to the ESG survey of 500 North American senior IT decision makers and knowledge workers.
WFH exposes IT security gaps
The move to WFH was a hasty decision for many organizations that didn’t have a strategy—or the right technology—to support an entirely remote workforce. That’s understandable, given the circumstances.
But it very quickly exposed holes in enterprise security, which has inevitably led to a rise in malicious activity and cyber attacks by those looking to profit from a global pandemic.
Fast forward a few months, and some workers are starting to head back to the office, while some companies are instituting WFH policies until the end of the year (or permanently). Google’s global workforce, for example, will be working from home until the end of 2020.
Clearly, it’s still a work in progress. But as companies slowly move at least part of their workforce back to the office, it’s important to review lessons learned since the start of work-from-home orders to bolster IT security during this awkward transition phase.
Ramping up cloud security
In mid-March and early April, the focus was simply on getting employees up and running, while rolling out rudimentary security measures such as providing work devices with secure Wi-Fi, anti-virus software and endpoint protection.
A report by security firm McAfee, which analyzed cloud data collected from more than 30 million enterprise users between January and April, found that all cloud services across every industry grew 50 per cent from the start of 2020.
But it also found that traffic from unmanaged devices to enterprise cloud accounts doubled. At the same time, the number of external threats targeting cloud services jumped by 630 per cent, heavily concentrated on collaboration platforms.
Some industries were hit harder than others: In transportation and logistics, for example, the rise in threats jumped a whopping 1,350 per cent (government increased 773 per cent, manufacturing 679 per cent and financial services 571 per cent).
McAfee researchers recommend companies shift their focus to cloud-native security services—such as implementing a cloud-based secure gateway or using a cloud access security broker platform with policies for device checks and data controls—to maintain visibility over distributed workforces.
Next phases of IT security
“Leading organizations are also ramping up monitoring of cyber-adversaries and threat intelligence, looking for targeted attacks, COVID-19 tactics, techniques, and procedures (TTPs) …” says Jon Oltsik, principal analyst at ESG, in an article for CSO.
Oltsik says the next step involves a full risk assessment that examines your WFH infrastructure, including new traffic patterns, perceived vulnerabilities and rising threats, and then digging “into a more thorough look at emerging WFH issues like insider threats, expansive privileges, data security exposures, insecure cloud application configurations, and others. The goal? Quantify risk and then work with executives to prioritize actions.”
This leads to the next phase, which Oltsik says is “all about risk mitigation.” And this includes strategies like setting up privileged account management and deploying technologies like multi-factor authentication (MFA) and zero trust networking tools.
While the future is riddled with uncertainties—Will there be a second wave? A third wave? When will a vaccine be developed? What if we never find a vaccine?—it’s also an opportunity to retool for the future of work. While our workplaces may become much more flexible, they should also become much more secure.