When governments began to issue the pandemic alert, companies had to quickly learn how to enable a fully remote workforce for the first time.
The rush to quickly acquire and implement new technologies to enable this change has brought new challenges to cyber security and data availability, and has required a change in the way security teams test their organizations' now newly dispersed environments.
Right now, as states gradually move to remove restrictions and allow people to return to work, security teams must once again be prepared to face a new set of challenges.
Many aspects of business will not return to exactly what they were before. Employees returning to work may bring with them infected or misconfigured devices. Or they may have developed the habit of using cloud-based platforms and tools that have not been properly vetted or approved by IT.
Security teams should start preparing now for the ways in which security validations will need to be different when people start returning to the office and companies increase data availability even more.
Large-scale remote working has changed the threat landscape
A gradual shift towards more remote working has been taking place in some sectors for quite some time. However, the COVID-19 pandemic has accelerated it dramatically.
To give you an idea, before the pandemic, only around 7% of the American workforce had the option of working from home on a regular basis, and many companies only allowed a few select employees to work remotely and not the entire company.
For many organizations, the idea of working remotely basically meant that employees could answer emails from their phones.
Then everything changed overnight. Many companies realized that they weren't as prepared for remote working as they had thought. Employees were unable to access the different systems needed to carry out their work.
The IT teams rushed to order more laptops and send them quickly to the staff. Employees began to adopt video conferencing tools that the IT department had not validated and that were not secure (e.g. Zoom). These rapid changes introduced new threats and vulnerabilities to organizations and their data.
Cybercriminals aware of the new reality of companies
As the pandemic progresses, cybercriminals realize that this is a golden opportunity and have stepped up their attacks. They recognize that people are tense under the stress of working from home, locked in and thirsty for any new information about the pandemic, the economy and much more.
This combination makes the public more distracted and less demanding, and therefore more likely to click on unsafe links or fall victim to scams. Attackers have adjusted their tactics accordingly and are increasingly taking advantage of the COVID-19 topic in their phishing scams and malware campaigns, and especially in their aim to steal data and carry out scams.
How to protect your organization
Security professionals need to change their security practices, addressing today's new threat landscape and the future challenges that arise when employees start returning to the office.
Even after the end of the pandemic, remote working will be more common than before. A recent IBM survey showed that 54% of respondents want to continue working remotely on a regular basis, and a Gallup poll said that 52% of organizations would be in favor of allowing more remote work after the pandemic is over.
As a result, IT teams responsible for security must make business continuity plans now, assuming that they will have a hybrid environment with a large number of fully or partially remote workers and must include security and data protection strategies in the face of the new reality.
In addition, to face today's new threat landscape, security teams must ensure that employees have appropriate security technologies and configurations on all their personal devices and home wireless networks, as well as on company-owned devices.
They should make sure that all employees have been given clean laptops before setting up new VPNs or virtual desktops. Otherwise, if an employee downloads a VPN on a laptop that has already been compromised by malware, for example, then returns to the office and connects it to the corporate network, they could spread the malware throughout the network.
Companies should create clear policies and procedures that address not only what is allowed while working from home, but also what will be allowed when employees return to the office.
Looking to the future
Security teams must be vigilant in deploying the right infrastructure, technologies and policies to securely support a hybrid model, and must be prepared to continually upgrade.
In doing so, they will not only be able to keep their organization safe in the changed threat landscape during the pandemic, but they must also position their organization for continued success in the new normal.
Conversys can help your company reduce the risks and impact of this global crisis. Contact our experts now to learn more about Aruba Networks' security, network management and connectivity solutions. We're here to help you meet this challenge.
About Conversys
Conversys IT Solutions is a provider of Information Technology and Communication services and solutions acting all over Brazil.
With a highly qualified technical and commercial team and a partner network that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized solutions for IT Infrastructure and Telecom to its clients.
We invest in our employees and partners and strive for a long-lasting relationship with our clients, because we believe that this way we gain the skills and knowledge necessary to innovate and generate value to the businesses in which we operate.
About Aruba
ARUBA, a Hewlett Parkard Enterprise company, is redefining the smart grid with mobility and IoT solutions for organizations of all sizes globally.
Delivering IT solutions that empower organizations to meet the Mobile Generation - mobile-savvy users who rely on cloud-based applications for all aspects of their work and personal lives - and to harness the power of insights to transform business processes. With infrastructure services offered as private or public cloud software, Aruba delivers secure connectivity for mobility and IoT enabling IT professionals to build networks that keep pace with change.
