Whether you consider COVID-19 as a forced shift in the way organizations operate or merely an event that has accelerated a trend that was already underway, it’s clear that remote work will be with us for the foreseeable future. As a result, businesses are rapidly embracing cloud and automation technologies to facilitate increased levels of operational flexibility. It raises the question: What does this mean for security? As more people are working from home, using unsecured devices and wi-fi connections, hackers are seeing a massive opportunity to boost their unscrupulous cyber activities. What should you consider?
- Pay more attention to access
- Embrace applications with cloud-based security
- Cybersecurity awareness training should be a top priority
- Develop stronger remote security policies
The COVID-19 pandemic has created the perfect storm and cybercriminals are taking full advantage of it. Since it began, companies – including some of the biggest companies in the world – have suffered data breaches affecting thousands of customers. For example, a ransomware attack forced Honda to shut down global operations.
1. Pay more attention to access
Cybersecurity has seen a shift away from perimeter-based security where all IT assets are located inside a trusted network. Instead of these system-centric security models, companies should now be looking at securing access to information and embracing zero-trust architecture. Zero-trust refers to the notion that individuals, devices and applications cannot be trusted by default, and must be authenticated and authorized first.
2. Embrace applications with cloud-based security
Cybersecurity together with your business’ application should move to the cloud to ensure enhanced security controls. This includes network, web, email, endpoint, identity and access management, and authentication. This approach will rapidly reduce and ultimately eliminate the need to backhaul traffic from remote locations or to enforce and monitor security through VPNs.
3. Cybersecurity awareness training should be a top priority
Cybersecurity awareness has become more important than even considering that employees are using their own devices for work and connecting through their own home networks. Considering the ever-increasing and sophisticated phishing attacks and employees’ tendency to get careless when they’re distracted by the home environment employees must apply home network hygiene and receive ongoing, successful awareness training.
4. Develop stronger remote security policies
Robust remote security policies – deployed after training – are critical both as a long-term strategy and to unify a business’ cybersecurity defenses, for example, across different branches and offices. To do this, the policy should be compiled viewing the business from the standpoint of a cyber attacker to ensure maximum security cover.
The COVID-19 shift to work from home is likely to continue and businesses and their IT teams need to plan accordingly. This means moving more applications to the cloud, employing cloud-based security solutions and making cybersecurity awareness training for employees a top priority. By committing to a unified approach to security, then doing what’s necessary to operationalize it, businesses can establish a better security model to navigate the new normal.
If you found this post interesting, you might enjoy these too: