September 25th, 2020 Read Time: 5 minutes
The Electric Helpdesk is comprised of experienced IT Professionals with the knowledge and expertise to solve any IT Support question one may have.
Subscribe to our blog and stay up to date
As the COVID-19 pandemic swept across the globe, companies sought an immediate transition to remote work in order to keep business running while complying with social distancing efforts to help curb the spread of the virus.
Despite the lifting of stay-at-home orders, remote workers have been slow to reintegrate to their former physical office setups. According to the Wall Street Journal, fewer than one-tenth of Manhattan office workers have returned to the workplace a month after New York gave businesses the green light to return to the buildings they vacated in March.
Still, some are slowly returning to physical office environments. Whether it’s at the behest of employer demands or just for a change of scenery after working from home for months on end.
This means there is a new trial ahead for IT teams and cybersecurity specialists— they are taking on a 'dual mission' where they are both supporting business continuity and also protecting sensitive data against cyber threats.
However, much to IT teams’ dismay, the pandemic has brought about new cybersecurity vulnerabilities. Attackers have upped their game, and are now targeting the loopholes created by insecure home networks and devices used by telecommuting staff.
A recent IBM study dubbed the Cost of a Data Breach Report 2020 notes some eye-opening findings. Consider the fact that the average data breach costs an organization nearly $3.86 million. Even more daunting, is the fact that 76% of respondents indicate that remote work would increase the time to identify and contain a data breach.
The solution? IT teams must adopt strategies that improve their company security posture amid the new challenges brought about by the pandemic. To achieve this, IT managers must address several considerations for a safe return to the office for those employees who are returning.
As stay-at-home requirements lift, employees in different industries might be enthusiastic to return to a physical office. However, not every staff member will be able to come back just yet; hence IT teams need to prepare the right balance between the two groups.
For instance, you may have staff with underlying health concerns that make them more prone to infection. Others may need to care for children; hence, they prefer to handle their tasks from their homes. As such, you must prepare for a secure return of employees and their devices while also considering safe, long-term policies and solutions for remote work.
Working remotely or using a hybrid return-to-work approach reveals new cracks that could pose as a cybersecurity threat. For instance, VPNs may not entirely sustain the high traffic created by dozens of staff working remotely. Failing to connect to the VPN for long means their devices may lag in patches and updates.
Furthermore, servers and computers within the premises could have been shut down with the advent of the stay-at-home restrictions, hence falling behind with security updates. Fortunately, there's a solution to this concern. Before returning to the normal on-premise business operations, IT teams must keep all the software patched so that the devices are safe from cyber risks.
The switch to remote working structures was rapid, and it could have led to a spike in the use of personal devices to complete work obligations. Travel restrictions and delays in supply chains have slowed global production and product shipping, making it even harder for companies to acquire the latest tools for employees.
As a result, some staff might have ended up relying on their own gadgets to complete work tasks. This isn't just limited to personal smartphones and PCs alone, but also other peripheral devices for storing and transmitting data.
Personal devices come with a challenge—the data from the gadgets must be sanitized before migrating it to the company infrastructure to lower the cybersecurity threat.
Working from home has brought a new dimension of cyberattack vulnerabilities. For instance, using laptops and other similar devices away from the physical office can limit access to the corporate network. As a result, these items may lack the crucial operating system, application, and group policy updates that they would have normally received during “regular” working days.
Upon return to the office environment, reconnecting such devices to the corporate network presents a new cybersecurity risk, hence the need for an exhaustive scan. Some IT teams may not scan the individual devices before reconnecting, however it is essential to ensure this is done.
Finally, this period presents a unique opportunity to reexamine your cybersecurity methodologies. Whatever approach you adopt, ensure you step back and review everything you've learned since the pandemic started. These insights may inform your crucial decisions and strategies for the future.
One model you may consider implementing is a zero-trust model. This IT security model follows the principle that until proven otherwise, any attempt to gain access to the network is considered a potential attack.
A good example of zero trust is implementing multi-factor authentication (MFA) to reduce the risk of attacks. MFA is a security mechanism that requires multiple methods of authentication from independent devices that verify a user’s identity. Using MFA adds an additional layer of security as a nefarious individual will need both devices in order to successfully gain access to the network.
The pandemic has upended business operations in almost every facet. IT teams were initially forced to pivot to enabling just remote work, but are now dealing with additional significant cybersecurity concerns while employees now return to physical offices.
While no company is entirely immune to cyber threats, IT teams that are proactive in their defining their hybrid approach for both remote and physical office workers will be best positioned to prevent them.
Figuring out all your bases to cover pertaining to your organization’s IT strategy is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your organization.