With more than 4,000 reported cases, and many more anticipated by health and infectious disease experts, the Coronavirus (COVID-19) has many Americans changing their behavior, stocking up on necessities and quarantining themselves in their homes for fear of contracting the disease, or spreading it to those more susceptible.
In an attempt to “flatten the curve” – a phrase that experts have been using to illustrate the need to slow the spread of the virus – many state governments are asking social gathering places – from restaurants and bars, to movie theaters – to close for the time being. And many companies and organizations – from government agencies to large corporations – are closing their offices and asking employees to work from home.
However, while telework has been popular for many years across many different organizations, not all companies have embraced it fully in the past. In fact, many companies and government agencies – including NOAA – have been doing telework tests over the past week to ensure that their IT infrastructure is capable of handling an entire, teleworking workforce.
This illustrates just how unprepared many companies and organizations were for a global pandemic, and just how unprepared they were to support an entire workforce that is working at home from an IT and technology standpoint.
Unfortunately, while many IT departments are currently focused on whether remote and virtual desktops and applications can handle the load, there is another problem that an entire teleworking workforce can create for a company – increased cyber risk.
Tomorrow, global endpoint security provider, CrowdStrike, will be holding a Webinar entitled, “Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce.” This Webinar is designed to help companies, organizations and government agencies that may not traditionally embrace telework overcome the cyber risks and cybersecurity challenges that a remote workforce can create.
In advance of the Webinar, CrowdStrike also shared six key factors that can help ensure remote worker cybersecurity that could be immensely useful to an organization that could be teleworking en masse for the first time. If your organization is working remotely to help flatten the curve of the Coronavirus, here are some considerations to keep in mind:
Make sure you have a current cybersecurity policy that includes remote working.
Strong security policies may already exist, but it is important to review them and ensure they are adequate as your organization transitions to having more people working from home than in an office. Security policies need to include remote working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information. It is also important to factor in an increase in the use of shadow IT and cloud technology.
Plan for BYOD (bring your own device) devices connecting to your organization.
Employees working from home may use personal devices to carry out business functions, especially if they cannot get access to a business-supplied device as supply chains may slow down. Personal devices will need to have the same level of security as a company-owned device, and you will also need to consider the privacy implications of employee-owned devices connecting to a business network.
Sensitive data may be accessed through unsafe Wi-Fi networks.
Employees working from home may access sensitive business data through home Wi-Fi networks that will not have the same security controls — such as firewalls — used in traditional offices. More connectivity will be happening from remote locations, which will require greater focus on data privacy, and hunting for intrusions from a greater number of entry points.
Cybersecurity hygiene and visibility will be critical.
It is not unusual for personal devices to have poor cybersecurity hygiene. Employees working from home can result in an organization losing visibility over devices and how they have been configured, patched and even secured.
Continued education is crucial, as coronavirus-themed scams escalate.
The World Health Organization (WHO) and the U.S. Federal Trade Commission (FTC) have already warned about ongoing coronavirus-themed phishing attacks and scam campaigns. Continuous end-user education and communication are extremely important and should include ensuring that remote workers can contact IT quickly for advice. Organizations should also consider employing more stringent email security measures.
Crisis management and incident response plans need to be executable by a remote workforce.
A cyber incident that occurs when an organization is already operating outside of normal conditions has a greater potential to spiral out of control. Effective remote collaboration tools — including out-of-band conference bridges, messaging platforms and productivity applications — can allow a dispersed team to create a “virtual war room” from which to manage response efforts. If your organization’s plans rely on physical access or flying in technicians for specific tasks (e.g., reimaging or replacing compromised machines), it may be prudent to explore alternate methods or local resources.