As the Coronavirus crisis continues to escalate, all professionals around the world are working from home, creating huge rents in the enterprise security fabric.
It is no secret that when a system is put under pressure, its weaknesses start to become apparent. COVID-19 has already applied enough pressure to test cybersecurity postures and expose gaps, as WFH is the new normal! The large number of people working remotely is putting new strains on the network, and hackers have turned to the obvious weak spot: VPNs. The pandemic has also exposed additional security problems in granting higher levels of privilege to access workers’ systems remotely.
The vulnerabilities have been magnified because all the employees are remote from security teams. The organizational equipment left behind now that workers have stopped coming into work is unmonitored, while teams can now connect their own, unsecured devices to company assets. Organizations that never had a distributed workforce are well aware that their equipment was not meant for secure offsite use. Thus the risks are higher, whether via a VPN or on the internet.
Lisa Davies, Corporate Security Head at Redox, is reported to have said in a statement to SCMagazine: “Since many of the security controls and tools used by non-distributed companies depend on being on the local network, they cannot do [many] things remotely…These companies have found it more difficult to update, monitor logs, etc. unless the device is on the local network, so when employees take them home, they are in the dark.” She suggested that every organization should monitor company devices, active or inactive, because “a possible indicator a device has an issue, or a remote worker may be tempted to use personal technology. This goes hand-in-hand with technical controls preventing non-company devices from accessing sensitive information.”
During this crisis period, many private and public sector organizations have already confronted various cyber-threats. The Federal Bureau of Investigation has already warned of a rise in phishing scams against multiple businesses. Experts say it increasingly appears that, while support for multifactor authentication has been much talked about lately, not much has been done about it. Many organizations (apparently) haven’t required it to connect to the network, and some didn’t even disable the ability of company laptops or computers to take screenshots of the window holding the virtual/remote desktop on the host system. This needs to be taken care of seriously and quickly.
Amid this critical situation, IT and security professionals across the globe are being pulled between policing potential breaches and helping employees maintain productivity and stay focused. Today, the world is full of phishing emails created to prey on those who are operating in a busy ecosystem. Thus, business leaders are continually reminding employees to keep security policies in place to protect their corporate information.
Matt Petrosky, VP of Customer Experience at GreatHorn, is reported to have said, “They should also build mechanisms to reinforce such policies at the moment they most need to follow – for example within the context of an email asking for financial action or confidential information – so that users can make informed decisions before interacting with suspicious emails…By providing employees with reminders about policies when it matters, companies can significantly reduce the risk for their remote workforce.”