Although South Africa’s national lockdown has entered a less-restrictive Level 3 phase, with many more businesses having been permitted to start operating more fully again since the 1st of June, employees that can work from home are being advised to continue doing so until further notice. Recent research has indicated that the Covid-19 pandemic infection rate is still likely to peak, which means that individuals will continue to be very susceptible to contracting the virus for several months thereafter. Working from home for those that can makes a lot of sense under such circumstances.
During April 2020 there was an unprecedented shift in the management of cyber security protocols and infrastructure as IT admin staff needed to find the best possible solutions in the shortest amount of time for home workers. This included factoring in the reduced control that they would have over users that had less capable product and systems knowledge, which required setting up new protocols and rules to be able to manage the associated risks as effectively as possible.
Fortunately, modern technology and ingenious IT entrepreneurs at major global corporations have provided users with the necessary tools to communicate with each other remotely in group meetings and the like. This includes solutions such as Zoom, MS Teams and GSuite, in addition to the widely-used WhatsApp for group messaging and one-on-one interactions, which are easy to deploy and use and which have helped most people with internet access and IT devices to engage with each other regularly. Google has also launched their new Meet video conferencing service as a Zoom competitor and is currently free for everyone to use for personal video chats.
Unfortunately, hackers and cyber criminals have seen new opportunities under the current lockdown circumstances, which has raised new privacy and security concerns for many previously secured devices. The security of the corporate network with its firewalls, domain user and access management, protected servers, workstations and other devices, together with mostly effective user monitoring has been lost by most employees working from home. In an ideal world, IT departments would have already issued all employees with corporate-owned and managed computers such as laptops and other mobile devices that included all the necessary tools and policies in place. This would include secure Virtual Private Networks (VPNs) to ensure that people could access the systems and data they needed to perform their roles safely and securely. These would include the following:
- Multi-factor authentication to ensure that people and devices logging on to the business network are who they say they are.
- VPNs to ensure network traffic between central systems and remote devices is securely encrypted at all times.
- The ability to manage employees’ devices remotely using MDM, VNC etc.
- Tools to ensure detection and response remotely to any anomalies on the network, monitoring activity on remote devices and dealing with any threats remotely – i.e. Endpoint Detection and Response (EDR), Managed detection and Response (MDR), Endpoint Protection platforms (EPP), remote logging and the like.
- A clear, well-communicated security protocol with strong procedures to ensure employees’ adherence.
We do not live in an ideal world, of course, and these are not the normal concerns of the average non-IT person. IT and management-level staff are now relying on their workforce to make educated decisions when it comes to cyber security. For example:
- Who gets to use the WFH (work from home) workstation?
- What links clicked are on and websites visited.
- Whether attachments are safe to open.
- What devices are connected (e.g. USB or hard drives).
- How secure the own home network is.
- Whether the devices are properly secured when not in use in case they get stolen.
- The prevention of gaming and other activities on devices.
- Is software safe to install or even allowed within the business?
- Is the device up to date with all the latest security patches?
Europe’s largest cyber security company, F-Secure’s own security consultants have compiled the help guide, “Cyber Security Guidance Related To COVID-19”, to assist IT teams. The guide documents procedures and advice for implementing a more secure WFH experience. It also covers topics including F-Secure’s observations related to the changing threats, business continuity, Increased event monitoring and Personal devices.
The following are the links to the article and document:
Cyber Security Guidance for Covid 19
Cyber Security Guidance for Covid 19 PDF
Working from home (WFH) is the new trend that will certainly be a permanent feature now for many employees going forward. As more people and businesses become accustomed to this model, WFH will likely remain and become integrated into more business models long after national/international lockdown ends. Adaptability is the key to the survival of businesses during difficult times, such as the one we are currently all experiencing and now is the time for IT departments to consider a shift to cloud infrastructure and integration in order to keep the workforce running as it should.
To quote Leon C Megginson:
“It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change”