Palo Alto Networks
Any comparison between corporate IT infrastructure preparedness during the severe acute respiratory syndrome (SARS) and the coronavirus disease 2019 (Covid-19) should be treated lightly. During the SARS period 17 years ago, working from home was an unworkable concept due to bandwidth limitations and clunky tech. Cybersecurity, like the office environment, was desktop orientated and mass market smartphones and tablets were at least five years away.
Today, the situation is different.
There are dozens of ways to access networks, remote offices are common, the mobile office is a reality, there is an abundance of bandwidth, and cybersecurity harnesses artificial intelligence and other advanced technologies.
This month many organizations in the Philippines have allowed staff to work from home due to health concerns in light of the Covid-19 outbreak. This duty of care seeks to protect the health, safety and security of employees while maintaining business continuity.
Yet enterprises need to ensure there is a similar duty of care applied to IT infrastructure; and try to avoid taking a flexible approach.
In many organization, there would be staff who are required to operate outside the office environment and these mobile workers would access the corporate network with authorized devices and apps in a disciplined environment.
Employers have strict Bring Your Own Device (BYOD) guidelines and policies for staff wanting to use personal devices to access corporate networks and systems inside the office. These policies require every BYOD device — smartphone, tablet, laptop etc. — to receive authorization by the IT department before connection to the network is allowed.
But when staff are allowed to work from home to enable business continuity, this raises serious cybersecurity issues.
This is evidenced in “The State of Cybersecurity in Asia Pacific” survey by Palo Alto Networks; almost half (47%) of respondents stated their biggest cybersecurity challenge was their employees’ lack of cybersecurity awareness.
Imagine if those employees are working from home and accessing devices used by the family for business purposes. Corporate cybersecurity is designed to protect IT
infrastructure but, unless there is a special arrangement, this security apparatus is limited to the workplace.
This exposes the employee to potential exploitation by cybercriminals and puts their employer at risk.
Having employees inside the security bubble and preventing cyberattacks requires investment in time, resources and equipment. The whole premise of being able to work from home to maintain business continuity, falls apart if the employer and employee fail to maintain the same level of security and practices as at the usual workplace.
Here are some tips to secure the work from home environment:
Devices. Only allow authorize devices to access the corporate network for business execution.
Education. Regularly reinforce to employees about the need to exercise the same level of cybersecurity discipline when working from home. There is an opportunity for corporations to develop cybersecurity materials for workers to share with their families to encourage and instil awareness.
Training. Irrespective of where the employee is accessing the network, the provision of up-to-date training and testing employees’ knowledge about cybersecurity is critical. Even better if these tests reference working from home and highlight traps to avoid.
Firewalls. Install next generation cybersecurity solutions as these are designed with remote workforces in mind and allow the extension of firewall-based policies. This gives employees an opportunity to access sensitive resources securely anywhere in the world.
Cloud. Employees using cloud-delivered applications and services must only use those approved by their employer and accessed via the corporate network.
Common IT infrastructure architecture secures the corporate headquarters, branch offices, data centers, and remote access, preventing a multitude of cyberattacks. The trend now is for network security to be delivered via the cloud, protecting users, data, applications and sensitive information.
This development would help to eradicate the differences between office and home working from a cybersecurity perspective. For now, corporations need to ensure ‘business as usual’ efforts extend to staff working from home, especially when it comes to cybersecurity.