At Nostra, we believe the best defence is to consider a layered approach to Information Security and Cybersecurity at your organisation.
As governments begin lifting emergency orders, company leaders are considering policies, technology and processes that will protect their workforces. Many of these factors rightly centre around health and safety. But we must also acknowledge that all of us are still targets for cyberattacks. The new work-from-home world has poked countless holes in security perimeters. So organisations must prioritize cybersecurity preparation as well.
Going back to work securely
According to a recent study, 23% of cybersecurity leaders said their organization has experienced an increase in cyberattacks since employees started working from home due to COVID-19. While 50% said they believe they have been following best practices, the same security leaders also said they could be doing more to secure their remote workforces. This situation has proven that the bad guys don’t go on vacation during a crisis.
What has changed in the environment during that time? And what changes have not been made in order to best protect it? This is the gap that CISOs are charged with filling as companies consider returning to work-as-normal.
It remains unclear when many areas around the world will reopen. As some states and countries communicate their intent to open up (or have already started to do so), the time is now for security leaders to take the steps needed to ensure the transition is secure. Here are some key factors to consider:
1. Scan for vulnerabilities
Laptops and other devices have been a huge asset for enabling employees to continue their work remotely. But while out of the office, those not connecting to the corporate network through a VPN may not have received the necessary updates that they normally would. This presents a risk to organisations when those devices reconnect to the corporate networks. It may not be possible to scan all devices before they return to the network. But security leaders should consider doing this where they can, as well as preparing processes to validate devices returning to the corporate network.
2. Educate employees on cybersecurity
Given the fast nature of the transition, there was little time to educate workers on best practices for remote work. The advantage security leaders have in transitioning back to the office is that there is plenty of time to be proactive in educating employees on best practices, as well as on threats like targeted phishing attacks that may look to take advantage of the transition.
3. Prepare for those who can’t return to the office
While some employees may head to work in the coming weeks or months, that may not be possible for every employee. For CISOs, that means not only preparing for a secure return to work, but also for the possibility of needing secure long-term remote work solutions and policies.
4. Consider updating cybersecurity strategies
Finally, there is a unique opportunity during this time to reconsider cybersecurity strategies for the long term. That may include rethinking security policies and procedures for remote work. In any case, leaders should take some time to step back and think about what this crisis has taught them about their organisations and any security weak points that were exposed. That information can inform strategies in the months and years to come. See our post on why cloud infrastructure is key for digital transformation as well.
5. How can Nostra Help?
One of our latest offerings is End User Training. Although businesses may feel their employees would not be fooled by something like a phishing scam, cybercriminals still use this attack method because it continues to be successful.