[BreachExchange] How CISOs Can Secure Today’s Remote Workplace

Destry Winant destry at riskbasedsecurity.com
Mon Sep 14 10:21:10 EDT 2020


https://www.cxotoday.com/news-analysis/how-cisos-can-secure-todays-remote-workplace/

Efforts to manage the COVID-19 pandemic have forced enterprises to
rapidly adapt to new working models. Virtual meetings, live streaming,
automated customer assistance, business intelligence driven by machine
learning, online education, etc., have become the new normal almost
overnight. However, in this rush to adapt, many companies are
neglecting both their risks and change management processes.

Speaking to CXOToday, Juta Gurinaviciute, Chief Technology Officer at
NordVPN Teams said that now that many employees have shifted to remote
work — in addition to organizations being distracted trying to handle
the virus — security and risk management teams need to be more
vigilant than ever.

The key challenge is that businesses are lagging behind in protecting
assets from cyberattacks. Out of 2,000 new pandemic-forced remote
workers surveyed in a recent IBM report, 45% said they had not
received any additional security training since going remote. More
than two-thirds of global companies in another recent IDC report also
said they were struggling to strike the right balance between
flexibility and security for remote employees.

“While security is in itself a basic principle, many enterprises have
not received the message that cybersecurity has to be the immediate
and primary focus of their strategic business agendas. These errors in
judgment are why so many companies have become victims of ransomware,
social engineering, or DDoS attacks during COVID-19,” said the
security researcher at NordVPN Teams.

Towards that end, here is a bucket list for CISOs who will not only
have to protect their organizations in remote settings, but will also
need to make cybersecurity an integral part of their plans to deliver
business value.

Ensure employees are aware of the risks. This is especially applicable
for unprotected networks and computers and insecure group video calls.
The CISO and his team must help them to understand the critical role
their diligence plays in protecting the company during these troubled
times.

Educate your team on key cyber risks. Cyber criminals are attacking
home networks that simply aren’t as robust or well-protected as
enterprise networks. CISOs can take charge of extending realistic
training to employees so they can learn how to spot threats and be an
effective first line of defense for their companies.

Secure Web traffic through multifactor authentication and VPNs. When
employees are working in a network environment, securing the traffic
from different sources becomes a key concern. For example, businesses
should mandate two-factor authentication logins and put in measures to
ensure employees’ internet traffic is properly encrypted. CISOs must
ensure that employees connect to cloud services via HTTPS/HSTS only
and use a reputable VPN.

Maintain an accurate inventory of assets. This maps out what devices
and applications can access sensitive information, which is critical
during remote work. This enables security experts to monitor key
attack vectors such as unpatched software, reused passwords or
unsecured devices, even when outside a secure office network.

Adopt a cloud-based data protection service. Today’s remote workplace
highlights the need for always-on security, where data is encrypted,
protected and accessible everywhere. Enterprises should adopt a
secure, globally consolidated data protection service in the cloud
that protects data within a private cloud, public cloud and SaaS
environments.

Update operating systems and software. Security works best when
implemented in multiple layers. For remote workers, this means
employing security practices like using two-factor authentication,
employing a zero-trust network strategy and using an operating system
that is secure by design. Last but not least, update users’ operating
systems and software on a daily basis.

Set up end-to-end encryption. Apart from the fundamentals, such as the
use of stronger passwords, two-step authentication, etc., you should
make sure that all the communication channels your team members use
are end-to-end encrypted. Video conferences, audio calls, text or
multimedia messages, email, etc. all need to be encrypted from end to
end.

“As COVID-19 has set a new baseline for effective and secure remote
work, we should assume that many organizations will continue to
utilize remote workforces after the pandemic ends,” Gurinaviciute
said. In other words, she believes, if you have 5,000 employees, you
now have 5,000 remote offices to protect. The bandwidth has increased
dramatically, and there’s really no time to waste.

While no network is immune to attacks, a stable and efficient network
security system is essential for protecting data, something CISOs
should take note of to secure today’s remote workplace.

