The COVID-19 outbreak and the call for social distancing has resulted in companies sending directives for employees to work from home. Remote working is already the reality for many of us, and possibly will be the new normal for some time to come. For many organisations, this may be the first time they have moved their staff to work from home en masse.
While business continuity is top of mind, enterprise security also needs to be paramount. The fact is, while the world is grappling with the crisis, cyber attackers are not taking a break. Cyber attackers are using this to their advantage - sending emails with COVID-19 themes to deliver malicious links and malware that attempt to steal critical information such as passwords or confidential data through the likes of phishing emails. We are seeing these kinds of attacks made against education, critical infrastructure, high tech, professional services and even the government sector. Although it is extremely concerning that these incidents are on the rise, businesses can prevent this and the need to be extra vigilant is paramount.
Time to relook at your Business Continuity Plans
Businesses must continue to operate and now, the focus must be on enterprise security. The last thing we need is to allow a cyber attacker to exploit a loophole within critical infrastructure sectors such as healthcare services. That will severely undermine any country's response to this current pandemic.
We will have to look at new ways of doing things. This may mean adapting our security policies to accommodate new ways of working. This pandemic is compelling us to work in a different, yet secure, way. It is an opportunity to be vigilant with respect to our personal, and organisation’s, cyber hygiene standards. Here’s a quick set of questions to ask:
- What are your mission critical areas that need to be up and running during a crisis?
- How quickly can these functions be turned around and used via remote access?
- Are you ready to accommodate all critical functions to operate remotely?
- Is it time to allow ‘bring your own device’ - where employees work on their home devices?
- What security measures do you have for remote working?
Running Your Apps Remotely
Are your critical business functions running as cloud-based applications? If they are, remote access and connectivity are non-issues, although they need to be protected as well. However, if the bulk of your applications are not cloud-based, and you now have your employees working from home, check to see how you can securely enable them to be remotely accessed. Prioritise your efforts on the most critical applications to keep your business running.
Consider the following cybersecurity hygiene steps as we all adapt to working remotely:
- Review and refine your Business Continuity Plans. Stay current on software updates and patches and back up your data religiously. This remains a priority - now more than ever you want to ensure your fleet of remote workers are up to date.
- Be sure to remind your employees not to open email links or attachments from unexpected recipients (especially anything COVID-19 themed). While this is always a concern, we need to be extra vigilant now.
- Identify the cloud-based applications your organisation requires and sanction them immediately.
- Reassess how your employees can use their home computers to access their applications securely and remotely. Acquiring hardware at such short notice will be both difficult and frightfully expensive. Instead, home devices can be audited by your IT helpdesk staff to meet basic security requirements. This is an opportunity to get your staff active and working, even with limited apps.
- Identify critical operations that need to be performed to keep your business running. These key responsibilities are likely to be a part of the existing business continuity plan and ideally should be absolutely secure. This is time to enable remote access to specific stakeholders, whether it is a particular business function or a particular team member, depending on your business requirement.
- Uplift security – Turn on multi-factor authentication (MFA) for remote access and move beyond single form authentication (username and password), which is most likely to be compromised. Allow for remote access to critical apps that promote business continuity. A great example would be Office 365 which is cloud-based already, but ensure you secure it with MFA. Do not rely solely on a password for security.
To learn more about how you can protect your dispersed workforce, watch Palo Alto's webinar on rapidly scaling remote work to enable secure connectivity to SaaS, cloud, and data centre applications. Find out how your business can be resilient and productive, all while maintaining a strong security posture. The webinar will run through architecture and configuration options, share customer examples, and look at how deployment and scalability can be achieved. Register today.