MegaplanIT
Cybersecurity & Compliance
How Covid Changed The Outlook On Cybersecurity
Written By: Mark Repka - Security Consultant
The Covid 19 Pandemic Has Changed The Way We Think About Cybersecurity.
The Covid 19 pandemic and the resulting shift in workflows have had a deep and significant impact on workers, home/work balance, and cybersecurity. Many companies are finding that the shift to work from home not only makes workers happier but also reduces overhead costs for central offices and costs to the employees [1]. As of June 2020, 42% of U.S. workers were working from home full time, accounting for more than two-thirds of economic activity [2]. The widespread implementation of reliable broadband internet and remote access technologies facilitates this change, but at what security cost? The implementation of security on home endpoints must be considered when a workforce is using personal or company-issued workstations while at home to perform their duties.
Cybersecurity in the Work-From-Home Era
Implementation of a work-from-home environment needs to be standardized and systematically executed per the technology available. There is a plethora of available guides [3] that break down the workflow process, sensitive information, and security needs of the position to ensure appropriate secure interactions. The real question process owners should be asking is “What part of this process or procedure can be outsourced with minimal impact on quality, availability, and security?”, which calls back to one of the most basic concepts of cybersecurity, the CIA Triad [4]. Transitioning all workers to work from home may also not be feasible, as 26% of workers in 2020 were required to attend a central office or place of business as essential workers [2]. Keep in mind that compliance requirements for workstations are still valid: although they are not working in a central office, workers, processes, and data are all in scope for compliance requirement frameworks [9].
Dangers of Working from Home
The introduction of new, unknown environments and networks into a production setting creates issues that start at the network level but eventually spread to the system and application layers. Remote work-from-home environments do not have the security of a centrally managed firewall unless remotely joined to the network via VPN or other connectivity suites. Central access control may be an issue, as corporate workstations may require a centrally managed Active Directory or LDAP to authenticate prior to allowing the user to unlock the device. Virus attacks or exfiltration of data may be more prevalent as workstations are readily available for personal use after work. Wireless transmissions may be insufficiently protected when ease of use is prioritized over security [6].
Implementation of Cybersecurity at Home
Cybersecurity is everyone’s responsibility. Implementation of the correct tools, training, and resources may prevent cybersecurity incidents, which may cost a company both time and capital [5]. The most useful step of defense is to inform the employees and create appropriate data security policies for them to adhere to. These policies allow employees to read and understand the correct and secure way to transmit and handle data within their job roles. Additionally, cybersecurity awareness training can reduce attacks carried out through social engineering tactics by 80% [7]. Implementation of a centralized endpoint management system will ensure that employee workstations are being updated, scanned, and leveraged appropriately, and that anti-virus suites are active and looking for threats [8]. The landscape of cybersecurity continues to evolve as companies find new and innovative ways to both satisfy their employees and conduct secure business processes efficiently. The state of cybersecurity of an enterprise will not be a one-size-fits-all approach and must be tailored to the business. Reach out to a qualified cybersecurity professional for guidance on the proper implementation of remote work-from-home infrastructure to keep business data secure.
References
[1] DeVerter, J. (2020, December 2). In Defense Of Remote Work. Forbes. Retrieved October 3, 2022, from https://www.forbes.com/sites/forbestechcouncil/2020/12/02/in-defense-of-remote-work/
[2] How working from home works out. (n.d.). Stanford Institute for Economic Policy Research (SIEPR). Retrieved October 3, 2022, from https://siepr.stanford.edu/publications/policy-brief/how-working-home-works-out
[3] The phases of remote adaptation. (n.d.). GitLab. Retrieved October 3, 2022, from https://about.gitlab.com/company/culture/all-remote/phases-of-remote-adaptation/
[4] Election Security Spotlight – CIA Triad. (2021, June 15). CIS. Retrieved October 3, 2022, from https://www.cisecurity.org/insights/spotlight/ei-isac-cybersecurity-spotlight-cia-triad
[5] Cybersecurity Training & Exercises | CISA. (n.d.). Retrieved October 3, 2022, from https://www.cisa.gov/cybersecurity-training-exercises
[6] Securing Enterprise Wireless Networks | CISA. (n.d.). Retrieved October 3, 2022, from https://www.cisa.gov/tips/st18-003
[7] Daly, J. (2022b, May 17). How effective is security awareness training? Retrieved October 3, 2022, from https://blog.usecure.io/does-security-awareness-training-work
[8] Stanfield, N. (2022, September 30). Our Top 10 Reasons Why You Should Use Intune for Mobile Device Management. Stanfield IT. Retrieved October 3, 2022, from https://www.stanfieldit.com/reasons-to-use-microsoft-intune/
[9] White paper: Managing compliance for a remote workforce. (n.d.). Compliance Week. Retrieved October 3, 2022, from https://www.complianceweek.com/thought-leadership/white-paper-managing-compliance-for-a-remote-workforce/29945.article?