Remote working introduces new risk factors for the firm. Often employees will not have adequate security, yet they need to access key files. Furthermore, employees working at home will often be using their own equipment, which may not be suitable. To add to this, IT department will inevitably over stretched. Each of these is a product of the current COVID-19 situation and looks set to continue in the long-term.
According nCipher Security’s Cindy Provin it is of great importance to put in place measures to adequately secure an organization in the context of a rapidly growing remote workforce and with new ways of working.
According to Provin, a dfferent approach is required by companies to the security question: “With the COVID 19 pandemic, businesses are creating new policies to enable more employees to work from home to keep them safe. And the digital transformation many of us talked about for years is suddenly a reality. Amid this remote work expansion, security and identity are now more important than ever. The challenge, however, is that telecommuters don’t have the protections of their VPN corpororate network.”
A virtual private network (VPN) is a network that is constructed using public wires — usually the internet — to connect remote users or regional offices to a company’s private, internal network.
Further on the subject of VPN, Provin notes: “Though not a foolproof method of cybersecurity, organizations don’t always have enough VPNs to go around amid the sudden work-from-home movement. This, of course, increases the chances of malicious parties targeting teleworkers with phishing emails. Indeed, reports suggest phishing increased 667 percent between the end of February and late March. Organizations that do not use multi-factor authentication (MFA) for remote access are particularly susceptible to phishing.”
She sees the CISO as being pivotal to the success of the new approach to cybersecurity: “Chief information security officers (CISOs) must act now to safeguard their businesses and enable all knowledge-based employees to work from home on a permanent basis. CISOs can work to address the ongoing work-from-home movement with security-as-a-service (SECaaS) offerings. Employing cybersecurity on a SaaS basis enables users to benefit from security immediately and without a major upfront expense. Such cloud-based models also can scale easily as demand requires.”