COVID-19 has occasioned a swift enforced change for millions of people who have had to replace on-site working with remote work environments. These changes have been necessitated by the strict protocols and regulations that most governments have implemented to control the spread of the deadly virus. Before the Coronavirus pandemic broke out, only about 33 percent of all American employees worked remotely for at least some time. Since COVID began, the number of US employees working from home increased to 74 percent. About 49% of these workers were entirely new to the remote working experience.
This increased shift in remote working is a challenge many organizations have never had before. Productivity took precedence over security as the business operation mode changed abruptly. Businesses were forced to adopt a ‘tech on the fly’ mode to ensure operations ran smoothly by quickly sending employees to work from home.
With cybersecurity overlook, employees, some of whom were inadequately trained for working remotely, are experiencing significant disruptions in their work and home lives. Employees have to contend with the lack of collaboration tools and interpersonal training to navigate remote work cybersecurity situations. With about 65 percent of the workforce using their personal computers to work remotely, about 25 percent of the employees do not know the security protocols in their devices.
With the faster than anticipated transition to remote working due to COVID-19, IT and security teams had a scrambled crisis response that resulted in gaps and cybersecurity vulnerabilities. Employees have to rely on non-hardened work devices and at-home Wi-Fi internet networks that do not offer the employees the protection they need. Detection tools such as antivirus rely on a stable internet connection for high efficiency in identifying and blocking attacks. Working from non-hardened endpoint devices such as personal laptops poses a significant risk to the security of enterprise networks.
A considerable shift to remote working has also expanded the attack surfaces have grown during the Coronavirus crisis as employees rely heavily on collaboration apps. Collaboration tools such as Zoom have become the target for malicious parties, with those that have less than adequate patching protocols being the most at risk. Such vulnerabilities in collaboration applications have led companies like Google, SpaceX, and NASA to ban their employees from using such tools to reduce the risk of more sophisticated breaches.
For organizations that had invested in their cybersecurity infrastructure, the investments are paying off. For such companies with modernized infrastructure and an adequately trained workforce, the transition to remote work was quick and did not compromise security.
COVID-19 has seen many organizations suddenly have to support an entirely remote workforce. While many companies took a “connectivity first” approach to the initial response, organizations are now struggling to meet remote workers’ demands. Companies now have to assess the security and control gaps that exist in the remote work set-ups to close all the gaps that malicious cybercriminals are eager to utilize.
There are several practical ways through which companies can take to help reduce their cybersecurity risks and build trust during these challenging times. CISOs and C-Suite leaders can stay in touch with the employees to support and enhance robust remote-work set-ups. By implementing real-time visualization tools, companies can track, while respecting the workforce’s privacy, their employees’ state in real-time, which offers crucial information that may guide the top-level decision-making while respecting their privacy.
Companies can also assess, identify and work to eliminate gaps in their security and control of their remote workplace environments. This will help the organization to secure its distributed and remote work models for the long term.