Some changes are permanent: security challenges around the new working practices
The events of the last few months have forced the majority of companies and organisations to adapt quickly to staff working remotely. Specialist vendors of cybersecurity products, remote collaboration platforms, and business continuity systems were able to respond the best — as might be expected.
For most organisations, equipping staff with the tools they needed to work remotely and remain safe online was a hurried process. Most workers now have settled into a routine with which they can get the day’s work done, but often with less-than-ideal effectiveness and security.
There are likely a few organisations crossing their fingers for luck, hoping that things will soon get back to normal. But most are rethinking the ways with which they can empower remote workers, and keep the entire organisation safe.
Both Germany and the UK are proceeding cautiously with regards the level and speed at which the lockdown should be eased (with Germany’s restrictions differing from state to state). But putting the right tools in the hands of remote workers is an essential step now, especially if things progress to “the new normal” too quickly, and lockdown or die Lockerung has to be reimposed.
Regardless of speed of recovery from the current situation, there will be changes to the ways that people at all levels in the enterprise think about work: shift patterns, commuting to an office, working at home or in public spaces — almost every aspect of working life is being reassessed.
Technology has proven that it has the capability to support working models that are radically different from that of 2019, and already people are adopting a new catchphrase of “the new normal.” Even in industries that might not be associated with remote working practices, organisations have discovered advantages to what was forced on them.
In manufacturing, for example, maintenance staff have been able to connect to machines and facilities remotely, to control, monitor and attenuate. While being on-site remains essential to some roles, it’s been found not to be a necessity 24/7. There are possibilities for partial remote working in every sector, and in many, undertaking a day’s work remotely (or a full week’s work) offers advantages: less travel, convenience and work-life balance for the employee, and reduced costs for the employer (rent, utilities, travel expenses, sick pay, and so on).
Working remotely, securely
The perimeter of the company network has now effectively ballooned outwards, although, to be fair, it’s been an increasing trend for the last ten years or more. The change has simply been very much more rapid — massive expansion over days, not years.
Security teams will now be reassessing their policies to cover off increased potential attack surfaces – not because the last few months have created completely new methods of attack, but rather certain of those methods will become much more popular.
Remote workers have always used VPNs (virtual private networks), for example, but we can expect more time being committed to bad actors working on man-in-the-middle attacks, for example.
Similarly, endpoints now used by staff for both personal and professional lives suddenly become much more fruitful targets. Employees need to prove their identities remotely, so multi-factor authentication (MFA) or single sign-on solutions become critical. Employees need equipping with the right tools so that they don’t waste large amounts of time jumping through security hoops, and security teams need new solutions to protect what are effectively thousands of connections to the business’s digital resources through uncontrolled access points: domestic broadband lines, hotel chain proxies, coffee shop Wi-Fi networks, and so on.
The headaches and sleepless nights that IT security personnel are currently suffering could well be helped by Cisco’s current offer of a fully-comprehensive set of utilities, tools and technology – the Secure Remote Worker solution. With 81 percent of security breaches caused by compromised user credentials1(PDF) and only 27 percent of organisations deploying MFA devices to secure access to critical business applications (in cloud services and on-premise), the solution will fit into the work processes of every organisation — from the smallest startup to the distributed enterprise.
Rather than spend paragraphs here explaining exactly what’s included (in brief: endpoint protection, DNS spoofing prevention, MFA and VPN), we at Tech HQ would be wiser simply to point you at this on-demand webinar (in English) which will lay out how any company and any remote worker can be better protected. The new normal might be different from six months ago, but the old cyber threats remain, and every organisation owes it to itself to keep their staff (and their resources) as safe as they can.
10 September 2020