A year into the COVID-19 pandemic, much has changed in both personal and professional lives. Although changes are coming with more vaccines being distributed across the country, in some ways the pandemic will alter how we live forever. One such way is in the way we now do business. Many organizations realized that remote work could actually be a viable option for their employees and themselves due to the pandemic. However, such a large shift to remote work comes with new adaptations. One such adaptation is cybersecurity management under this new remote work or hybrid remote/in person work model. Recently, a webinar lead by Scott Logan, Director of Security at NetGain, and Tim Smoot, Senior Systems Engineer at Arctic Wolf Networks, discussed the implications of the new workplace model on cybersecurity. Read on to learn their insights.
Emergency Adaptation and Cybersecurity Management
Both Smoot and Logan explained that originally, the shift to remote work in 2020 was an extremely rapid one. Most businesses flipped the switch quickly on sending all employees home, and therefore, setting them up with remote access. While this worked well for productivity, from a security standpoint it left a lot of possible chinks in a business’ security armor, Smoot explained. There was no time to assess the details of the move to remote work, or to make a detailed plan like an organization would with a typical project. This included keeping on top of end user education, such as recognizing cyber threats. With things like malware going up exponentially , and the likelihood of malware and ransomware being by let in by an end user, this was a particular area of concern. Finally, the IT departments were not ready for broad visibility into this new setup when the switch was made. IT individuals had to adapt to a “new normal” just as everyone else had, which included needing to detect threats and protect the organization in new ways, on top of trying to help all employees function and complete work remotely.
All of these elements set up organizations to be at potentially very high risk, said Logan and Smoot.
Remote Work is Here to Stay
Workers want continued flexibility as do executives; your cybersecurity management plan needs to be prepared for this. Hackers are only going to find new ways to infiltrate as the workplace changes. Smoot and Logan outlined a few ways to protect your business as the workplace structure continues to evolve.
Protective Measures for those returning to the office
While coming back into the office will bring many changes, there were a couple Logan and Smoot wanted to emphasize from a security standpoint. Bringing back employee's systems that may not be updated or secured from working remotely needs to be approached with caution. Both Logan and Smoot explained that the IT team needs to think about how to bring these systems back in safely, with quarantine protocols, scanning, and assessments, to ensure they are safe to bring back on to the company network.
Evaluating employee cybersecurity awareness post-remote work is also helpful, both experts explained, as employees have been in such a different environment that they could make mistakes simply from the altered situation. And, of course, continual employee cybersecurity training is always a good thing.
Considerations for the Hybrid Work Environment
Smoot and Logan suggest making a plan for adapting to this setup long-term, since the commonality of remote work is not going away. Organizations need to consider what new elements to keep in mind with this new situation, and ensure their plan is all-encompassing. Smoot stressed - just because you made it through the remote work shift unharmed does not mean you will continue to stay protected without the proper security measures. There are far too many risks at play to not adapt your cybersecurity management. The main considerations for security going forward into this new workplace:
- Endpoint Monitoring - Endpoint monitoring is more important than it may have been previously, so that your organization can observe potential threats coming from any direction. You should have the ability to assess them and secure from anywhere, Logan explains. Internet of Things (IOT) devices both in and out of the office may not have been monitored; some of the biggest breaches that have happened were because IT was focused on end users and not endpoints, firewalls or similar.
- Restructuring cybersecurity strategy in order to have the proper management for this new situation. Both Logan and Smoot could not stress this enough. Remote work needs more security around data rather than just emphasizing the accessibility that was focused on in the emergency stages of the pandemic.
- Assess in-office equipment - use vulnerability scans, and assess what is useful and up-to-date, so that it can be secured properly, Smoot added. Due to the emergency nature of the shift, during the move to remote work older devices may have been used that cannot be secured properly, and they must not be used anymore.
- Both experts explained that a partner such as Arctic Wolf or NetGain that will help you strategize properly and stay on top of cybersecurity updates and trends will be extremely advantageous in having a strategy that protects your business.