Adapting online security to the ways we work, remotely and post-coronavirus

July 20, 2020

COVID-19 has tested our ability to pivot quickly how we work and where we work. The national workforce has shifted from in-the-office to online virtually overnight. The good news is that those of us who can work remotely have adapted reasonably well, with 29 percent noting they feel equally as productive at home as compared to the office. It's clear that leaders and workers alike are getting used to this new normal. Now that we're over the hump of adjusting to zero commute time, adapting to virtual communications, and working flexible work hours, we see an increased focus on online security. And what we're seeing is concerning.

Organizations and their employees have always faced cyber vulnerabilities. However, with remote working, companies need to address the many layers of cybersecurity risks. The recent number of 'zoom bombing' incidents is a perfect example showing that the use of remote technologies at scale is causing new headaches and challenges for IT. Recently, a cybersecurity company, CloudFlare, reported a 70 percent increase in cyberattacks since work-from-home mandates were initiated. This leaves IT decision-makers feeling one step behind new threats, and vulnerable to new and looming attacks. At the same time, IT shops tend to carry the full weight of responsibility for online security needs. Instead, online security requires the entire workforce to remain vigilant to threats. Consequently, IT is scrambling to issue new online governance practices, restricting technology use and revamping VPN and other security protocols to limit cyber vulnerabilities.

Cybersecurity remains a primary focus while businesses determine how to keep company data safe while employees work remotely because of COVID-19. Here are three top challenges and solutions to keep your workforce safe both during and after this pandemic:

Compliance standards were not designed for the new reality of remote working.

With all the recent changes facing the workforce, security teams have added layers of stress. For example, are employees logging in to the VPN each time? Are they sharing confidential information or visiting unsafe websites? While less risky in the office, these small missteps can now be damaging to employees' privacy, potentially exposing professional and personal data. The best offense for these attacks is defense, and it is up to the company's IT leaders to ensure all systems are appropriately updated. What's more, employees need to be regularly reminded of at-home security best practices and briefed on new cyber vulnerabilities.

The influx of remote workers is making it more challenging to identify existing and new threats.

Not only were many companies unprepared for the mass transition to remote work, but they were also caught off guard by the added technology and security needs. According to CNBC, 53 senior technology executives say their firms have never stress-tested their systems for a crisis like this. For example, when companies are working from the office, it is easier for IT teams to identify threat agents that make attempts into systems since hackers’ locations are removed from those offices. However, with employees dispersed at their homes, identifying these foreign breaches are less recognizable. Companies have also been caught flatfooted during this crisis by relying on employees to use their personal devices instead of providing a separate work device. This prevents IT teams from identifying suspicious activity.

To keep employee and company information secure, it is up to the CISO and IT decision-makers to create and strictly enforce a regular practice for accessing, editing and storing their data.

Different technology tools are creating complex security issues

Most employees value productivity over security. This is problematic. Employees gravitate towards tools and technology they prefer to get their work done effectively. This creates a shadow IT problem and introduces security risks. An organization cannot expect all of their employees to be security experts. Security awareness training is more important than ever during COVID-19. Proper training, periodic email and instant message alerts about potential threats as well as how to handle and report security incidents and malicious emails provide employees the “security techniques” necessary to protect themselves and the company at large. Keeping employees engaged and alert from a security perspective is a balancing act – too many alerts and they may tend to ignore them – too few, and they might make a preventable mistake from within their email inbox.

COVID-19 is redefining the way we work. Companies won't be the same after the virus abates, and the workforce returns to the office. What's more, we believe most companies will keep their work-from-home practices. As a result, a company's security team needs to create and enforce best practices that empower employees to be productive, freely collaborate while working remotely.

Demian Entrekin, CTO and founder of Bluescape, is a serial entrepreneur who has founded several successful software technology companies over the course of his 25-year career. At Bluescape, Demian leads technological innovation and product strategy. Demian is a recognized leader in SaaS business models and technologies, and has held key leadership roles at software companies like Innotas (formerly Project Arena), Convoy Corp. and Teaching Channel. He is currently a featured writer on the Forbes Technology Council.

Mark Willis, CISO at Bluescape, is a cybersecurity and U.S. military intelligence veteran. Mark is responsible for leading Bluescape’s data security and privacy efforts, and defining the company’s future security roadmap. He brings to Bluescape more than 25 years of diverse security-related experience, most recently as the Director of Software and Mobile Security for CVS/Aetna.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.