Covid-19 pandemic presents information security officers and their teams at organizations with two priorities, which are also challenges. The first is to facilitate the arrangement of the work from home facilities for the smooth operations of organizations. And the second is to maintain the confidentiality, security and integrity of data and network as online traffic flow rises as a result of a large number of people working from home. As proprietary corporate data is being accessed on machines from homes, which do not have the same level of security as in the office setups, it becomes vital to protect them and frame some strategies for that purpose.
In the article, we describe the actions, in terms of technology modifications, people engagement and business process strengthening, required on the part of organizations to safeguard their assets, data, and privacy.
With the ‘Work From Home’ being adopted everywhere, the cybersecurity teams organizations need to take following technologically proactive measures to extenuate the potential threats.
Patching of Critical Systems: IT officers must accelerate the patches for critical systems such as VPN, end-point protection and cloud interfaces that are essential for working remotely. This will help the companies remove the vulnerabilities in their systems.
Multifactor Authentication: The second action required is the scaling up of the MFA or Multifactor Authentication. The people working from homes must be required to access critical applications only by using MFAs. Though the implementation of MFA is challenging, it can be made manageable by prioritizing the users who work with critical users such as domain and system administrations and developers and people who work with critical systems such as money transfers. First, to gain experience, the cybersecurity teams can roll out this on a demonstrative basis and then after gaining enough confidence can extend it to the whole organization.
Compensating controls for facility-based applications: The third tactic to be used is the installation of compensating controls for facility-based applications migrated to remote access. Some applications such as cell centre wikis, bank teller interfaces, which are only available to users working onsite at an organization’s facilities, must be protected with some special controls such as VPNs and MFAs.
Accounting for Shadow IT: The fourth action is to account for is shadow IT, which at many companies, employees set up without formal approval or support from the IT department. Remote working will make such systems vulnerable as when the employees start working remotely, the business processes that depend on shadow IT will not be accessible remotely for protection. Now it is the responsibility of cybersecurity teams to look out for such shadow IT systems in the organizations.
Device Virtualization: And the final action that the companies can take in terms of the technological adaptation is to accelerate the device virtualization because many of the cloud-based virtualized desktop solutions can make it easier for employees to work remotely as many of them can be implemented faster than can be onsite. Importantly, the new solutions will require strong MFAs.
Even after the adequate technology controls are put in place, there is some vulnerability in the way the people behave at home. And here they are required to exercise good judgment for maintaining security. In the offices, their online behaviour can be monitored but at homes, their unmonitored behaviour may invite some malicious attacks that put the whole organization systems in jeopardy. To avoid such situations, people working remotely can follow the following guidelines:
Communicate Creatively: Employees must communicate creatively. The stressful and crisis-ridden time can easily make the warnings of cybersecurity lose in the din. The communications channels should be two ways, in which questions, answers, and clarifications can be posted in real-time and best practices can be shared. The communications channels established have to compensate for the existing loss of informal interactions in office settings.
Focus on what to do: Telling employees not to use certain tools such as consumer websites at home can be counterproductive. Instead what the security teams should explain is are the benefits, in terms of security and productivity, of using approved messaging and file transfer tools to do their jobs. To make it safer overall, the employees should be encouraged to use only the approved devices, to buy approved hardware and software by providing some incentive for such behaviours.
Training of the Employees: And the most important action that an organization can take is to make its employees aware of social engineering during the pandemic times. They should be trained about phishing, vishing, smashing, etc, and how they should deal with it and how they can avoid getting tricked.
Monitor High-Risk Groups: Every organization dealing with important data and private data must identify and monitor high-risk users such as those working with confidential or private data. Such a group poses more risk and is generally on the radars of attackers. The high-risk group must be trained adequately.
Strengthening Business Processes
As the business processes in the companies may not be designed to support extensive networks from home, they may lack adequate controls. In such a scenario, complementary security control processes can be deployed to mitigate the risks. Following are some of the ways for strengthening business processes:
Support Secure Remote Working Tools: During a period such as the current one when people are working from homes and settings and installing basic tools such as VPNs and MFA, security and admin teams should make available extra capacity. Also, the security teams of a company must be available on calls for providing support sought out by an employee.
Test Incident-Response (IR) and Business Continuity (BC) Plans: To find weak points in your IR and BC or disaster recovery (DR) plans must be adjusted and tested as the organizations might have to tweak them in the current crisis conditions.
Expand Monitoring: As the cyberattacks are on the rise in the current period, it is required that the scope of organization-wide monitoring activities must be widened. Widening of the protection activities is also important because basic boundary protection mechanisms, such as proxies, web gateways, or network detection systems (IDS) will not secure users working remotely.
Clarify Protocols. Finally, there should be clearly defined guidelines and protocols about how to report once a cybersecurity incident takes place in an organization while people work from home.
Conclusively, securing the remote working arrangements during the current environment is very important for business continuity. The actions outlined so far are not exhaustive but cover a lot of ground and are essential to maintain the continuity in the operations of an organization and save it from unexpected disruptions caused by cyberattacks.