For years, organisations have been trying to get to grips with cyber security and figure out how they can protect their systems and network from a breach.
Because the world of cyber security is constantly evolving — with new threats emerging every day — this can be a relentless task. The challenge has only intensified thanks to the coronavirus pandemic, which has seen a mass exodus from the office and employees forced to work from home.
Whilst there was initial optimism that this would only be a temporary solution, it seems remote working is here to stay. Many companies are choosing to keep staff at home for the foreseeable future — reluctant to risk bringing employees back for them to have to pack up and leave again.
However, after ironing out any teething issues, companies have also realised the myriad benefits of this flexible way of working and many organisations — including both large corporates and smaller businesses — have made the decision to introduce a permanent work-from-home policy.
But what implications does this permanent switch to remote working have for cyber security?
Maintaining control
With employees working from home, organisations have far less control than they would in an office environment. They cannot control an employee’s home, who has access to it, who can listen to conversations or even how an employee is accessing company data.
In an ideal world, IT teams should be able to trust their staff to do the right thing. However, that is, unfortunately, not always the case. Rules get thrown out the window when employees are away from the watchful eye of IT, meaning they are more likely to engage in risky behaviours that can leave companies vulnerable. For example, if security policies impede their work, they are likely to seek workarounds.
Whilst not a direct threat to security, the impact of poor staff wellbeing can also have a significant disruptive effect on misuse, abuse and mistakes — resulting in a security compromise. Social care and mental health can become a serious issue for some employees who struggle with isolation. Many employees will be working much longer hours with fewer breaks — and potentially failing to eat as well or get sufficient exercise. As such, companies should consider working with emotional support organisations, such as the Samaritans, to deliver communication around health and wellbeing to staff.
This inherent loss of control means companies must adopt a zero-trust approach to cyber security. Zero trust is based on the principle that every user, device, service or application is implicitly untrusted and will only gain a least privileged level of trust (and associated access entitlements) once it has gone through a robust Identity and Access Management (IAM) process.
No ‘quick fix’
As working from home becomes an accepted practice in today’s business environment, organisations will need to introduce additional security controls to protect systems, networks and vital assets.
Communication, education and awareness are still the most powerful methods for securing company data. Employees should be told what is expected from them when it comes to remote working and the part they play in protecting company information.
Working on the principle of ‘strength in depth’ is also key. Conditional and contextual access management (including privileged access controls) has to be the first security measure businesses implement. This will ensure that only the people with the appropriate access level and from the right location can view, share and alter company resources.
Network segmentation and zoning are also necessary to protect core systems and critical assets, whilst guaranteeing that employees can access the information they need and carry out tasks as required — with minimal disruption.
Other controls include encryption such as multi-factor authentication and enhanced network access controls like secure VPNs. With organisations increasingly embracing the cloud to facilitate remote working, companies can also use a cloud access security broker to monitor all activity and enforce security policies. Equally, Security Information and Event Management (SIEM) solutions can provide real-time analysis of security alerts generated by applications and network hardware.
However, perhaps the most critical action is to take regular back-ups and store them away from the core network — either completely offline or using a cloud backup solution. This will ensure business continuity in the event of a breach or network failure.
At Burning Tree, we have helped customers understand the impact of remote working on cyber security. To find out more about our consulting services and how we can assist with managing risk in the ‘new normal’, get in contact today.