The New Normal and New Security Challenges Created by the Work From Home Model
While there is the adage that change is the constant, it is fair to state that the changes required by the global pandemic were unexpected and likely not accommodated in any IT security plans for 2020.
A noteworthy facet of the pandemic is the ubiquitous impact felt by all companies, independent of size, structure, scope and market. From the largest, multinational corporations to regional and small businesses, COVID-19 has dictated that an entire workforce transition to remote work. The implications of this are felt across all markets and industries, forcing companies to confront the tough reality of safeguarding their data whether they face strict regulatory requirements or simply strive to keep their data safe.
This means that challenges in understanding the cybersecurity impact is not only felt by companies with established IT departments and dedicated staff, but also by companies lacking adequate resources or sophisticated IT staff.
Employees now require the ability to operate from their homes, with limited privacy and adjusted network connectivity. While working from the comfort of your home can have positive aspects, like helping foster productivity, it comes with security challenges as workers use endpoints outside of the enterprise’s control. Endpoints might not be controlled by the enterprise but rather owned by the workers or even shared within a worker’s family. As enterprises are faced with this change in employee behavior, they must adapt as Information Security Officers’ ability to protect corporate data and intellectual property has a new paradigm.
Not only are workers now accessing corporate data through private networks, they are often doing so on personal machines that may not have the corporate protections and protocols in place as found on company-owned devices. Already strained by the demand to ensure remote teams have the tools and applications needed to maintain workflows, IT departments must cope with the new attack vectors these very tools introduce to their corporate networks.
There is a fatal flaw in assuming your network is ever fully secured when following a password oriented cybersecurity protocol, and this rings true with the transition to WFH. Cyber-attacks are ever increasing and indicate that password-oriented security protocol introduces a weakness and is a gateway to carrying the attacks out. Questions revolving security that businesses need to consider include:
- How do we ensure that devices are managed/updated when the device is outside the company network and IT control?
- How do we manage/protect the network when the company doesn’t own the device, or monitor how the device is used for non-work activities?
- How do we manage new threats targeting WFH technologies and applications, as well as new phishing threats and COVID-19 scams?
The opportunity is to rethink how businesses approach cyber threats and data security. The fundamental question is: are passwords enough at a time when there are so many new unsecured access points to company information? Or, is now the time to embrace a new model that follows the worker rather than assuming a rigid, centrally controlled environment exists?
What if, in addition to securing the network borders, we also encrypt the data itself? Rather than just attempting to keep the wrong people out, you ensure that if they do get in, encrypted data is of no use to them and cannot be exploited.
The new WFH normal is going to change the way we work for years to come. Our job is to ensure our companies can thrive and grow within this new normal. That the services and programs we put in place are easy to use, simple to deploy and non-disruptive to the end user to workflow continues uninterrupted. This is true with the current model, a blended environment where certain employees come into the office and others stay home, a rotating model based on the amount of employees in the office at a given time, to a return to the way we’ve worked with everyone back in the office. No matter how we work, the truth is - the way we have always done things isn’t good enough because while our data might stay at rest, we are not.
We are hosting a free webinar on Thursday, May 28th with industry thought leaders to discuss Managing a Cyber-Program During Covid-19 & WFH, Best Practices & Regulatory Expectations. You can register for free here.
For more information about how Atakama can help you protect your data, please email us at info@atakama.com.