IT leaders need to create new policies and processes to ensure a return to work is secure.
CISOs and IT security leaders are preparing for the return of the workforce after the COVID-19 lockdown, planning policies and processes around employee health and safety. However, it is critical to be aware that the company’s assets and devices are still crucial targets for cyber-attacks. The remote working model has resulted in a significant increase in cyber threats, and therefore enterprises need to prioritize security preparation.
A recent (ISC)² study reveals half of CISOs believe they have been following best practices; however, they have also said they could be doing more to secure their remote workforces. CISOs need to focus on certain top factors to make sure the transition of remote working is secure.
Look out for vulnerabilities
Thanks to laptops and other tech devices, employees were able to continue to seamlessly work during the pandemic lockdown. However, the devices that were not connected to the corporate network via a VPN have a higher chance of being a target of cyber threats. Once these devices start connecting back to the corporate network, they can be a risk to organizations. IT leaders need to prioritize scanning of all devices before they return to the network.
Follow a zero trust model
CISOs also need to ensure they are following a zero-trust model and allow devices access only after validating their security. It is important to minimize the risk, since the initial quarantining of devices may degrade user experience and introduce complexity challenges.
Employee awareness and training
Employees had hardly any time to shift to a remote working model with a sudden lockdown. This gave IT leaders no time to educate them about working from home. As offices are gradually opening, CISOs have enough time to create awareness and training programs for employees on the best cybersecurity practices and threats like targeted phishing attacks.
Prepare for a partially remote workforce
Not all employees may be able to head to the office in a couple of weeks or months owing to health concerns and family priorities. IT leaders should prepare for a secure return to work for employees and also focus on security solutions and policies for those employees who will possibly work from home for a longer term.
Reevaluate cybersecurity strategies
The pandemic has given businesses a fair amount of time to reconsider their future plans. Similarly, CISOs can use this time to re-evaluate the organization’s cybersecurity strategies that will be useful in the longer run. The strategies can include using quiet networks to baseline network activity for a better understanding of anomalous activity. It is now essential for leaders to take a step back and understand what the pandemic has taught them about the security weak points it exposed in their company.