Almost overnight, businesses across the globe have been catapulted into the world of remote work, writes Steve Mulhearn, Director of Enhanced Technologies UK and Ireland and DACH, for the cloud and networking security firm Fortinet.
For many companies, the COVID-19 pandemic has demonstrated serious shortcomings in their business continuity plans, and challenged their ability to maintain operations during a crisis.
By implementing a strong business continuity strategy, it’s possible to secure an organisation throughout this time of uncertainty, as well to prepare to quickly ‘flip the switch’ to remote working in the future – whether due to the next pandemic, a major weather event, or some other unforeseen event.
Here are five tips for designing an effective continuity plan that will protect corporate networks through times of rapid transition:
1.Implement controls supported by automation
The shift to remote working will exacerbate any longstanding gaps in cybersecurity resources and networking limitations, especially for those with no prior controls in place to support a remote workforce. These organisations in particular will face more challenges, as they set about building systems from the ground up without much of an idea of what their security baseline previously was or how security events could affect them in the future. It will be critical that these businesses focus on implementing controls supported by automation to augment limited resources and maintain a strong security posture.
2.Protect personal devices
As employees get set up in their home office, many remote workers will have no choice but to use personal devices to conduct business from home. As a host of new devices connect to web portals and virtual private networks (VPNs), this shift in access brings about many new security risks. These include bring your own device (BYOD) issues for users without a corporate laptop, a lack of infrastructural support, and interoperability challenges given the variety of technologies being used to connect back to the network. For this reason, it is important that organisations implement a comprehensive security policy that covers things like remote access protocols and managing user-owned devices on the network. It’s also imperative that these devices meet network security standards before they are allowed to connect.
3.Offer cybersecurity training for employees
Remote work tools, such as conferencing platforms, allow devices to access to the internal network even if they don’t meet the required security standards. Many of today’s remote workers will be novices, and for employees who typically conduct daily business affairs in-office, the security requirements of remote working are something very new.
For this reason, organisations must devise a plan for delivering online training to those users who need to learn how to access systems remotely and securely. Training these users to recognise red flags will be essential to protecting the more widely distributed network.
4.Identify malicious emails
Phishing campaigns have been a particular focus for cybercriminals over the past month, as they try to take advantage of the heightened emotional response to COVID-19. These attacks are using common tactics to distribute malware, steal credentials and scam users out of money, but in particular they are using the coronavirus as a lure to trick distracted users and capitalise on the fear and uncertainty of their intended victims.
Making it appear as though they are from organisations like the CDC or the World Health Organisation, these malicious actors are using the same ploy to target businesses across all verticals. It is therefore essential to have the right security controls and training modules in place to protect employees and customers from clickbait.
5.Prepare for the future of remote work
As many businesses test this new remote working, there is a possibility that we will begin to see a cultural shift in how people do business. The hand of resistant corporate leaders has been forced on the issue of a remote workforce, and for that reason there could be a shift in leaders’ openness and willingness to keep these new approaches to networking and business operations in place once the current crisis has passed.
As businesses adjust to relying on remote collaboration tools, VPNs, and secure remote access, leaders may look to implementing new remote work policies. Though cultural norms and mindsets are the most difficult aspects to influence and change in any organisation, the recent dramatic and forced shift in business operations could result in a dynamically altered workforce situation. Now is the time for businesses to prepare for the future of remote work, and to implement robust systems that can support their employees, wherever they are based, for years to come.
Cybercriminals understand that times of rapid transition can cause serious disruptions for organisations. In the rush to ensure business continuity, things like security protocols can get overlooked, and criminals are looking to take advantage of any inadvertent security gaps.
It is therefore critical that businesses do their part in securing customer data, employee operations, and business continuity as best as possible. By leveraging security tools and resources to protect the remote workforce, business leaders can establish best practices that will support an entire organisation not only through this time of uncertainty, but also in the event of future crises.
