The COVID-19 Pandemic Has Changed The Way We Think About Cybersecurity.
The COVID-19 pandemic and the resulting shift in workflows have had a deep and significant impact on workers, home/work balance, and cybersecurity. Many companies are finding that the shift to work from home not only makes workers happier but also reduces overhead costs for central offices and costs to employees [1]. As of June 2020, 42% of U.S. workers were working from home full time, accounting for more than two-thirds of economic activity [2]. The widespread availability of reliable broadband internet and remote access technologies facilitates this change, but at what security cost? Security on home endpoints must be considered whenever a workforce uses personal or company-issued workstations at home to perform its duties.
Cybersecurity in the Work-From-Home Era
Implementation of a work-from-home environment needs to be standardized and systematically executed according to the technology available. There is a plethora of available guides [3] that break down the workflow process, sensitive information, and security needs of the position to ensure appropriately secure interactions. The real question process owners should be asking is “What part of this process or procedure can be outsourced with minimal impact on quality, availability, and security?”, which calls back to one of the most basic concepts of cybersecurity, the CIA Triad [4]. Transitioning all workers to work from home may also not be feasible, as 26% of workers in 2020 were required to attend a central office or place of business as essential workers [2]. Keep in mind that compliance requirements for workstations are still valid: although they are not in a central office, workers, processes, and data are all in scope for compliance requirement frameworks [9].
Dangers of Working from Home
The introduction of new, unknown environments and networks into a production setting creates issues that start at the network level but eventually spread to the system and application layers. Remote work-from-home environments do not have the security of a centrally managed firewall unless they are remotely joined to the network via VPN or other connectivity suites. Central access control may be an issue, as corporate workstations may require a centrally managed Active Directory or LDAP service to authenticate the user before allowing the device to be unlocked. Virus attacks or exfiltration of data may be more prevalent, as workstations are readily available for personal use after work. Wireless transmissions may be insufficiently protected when security is traded away for ease of use [6].
Implementation of Cybersecurity at Home
Cybersecurity is everyone’s responsibility. Implementing the correct tools, training, and resources may prevent cybersecurity incidents, which can cost a company both time and capital [5]. The most useful defensive step is to inform employees and create appropriate data security policies for them to adhere to. These policies allow employees to read and understand the correct and secure way to transmit and handle data within their job roles. Additionally, cybersecurity awareness training can reduce attacks carried out through social engineering tactics by 80% [7]. Implementing a centralized endpoint management system will ensure that employee workstations are being updated, scanned, and used appropriately, and that anti-virus suites are active and looking for threats [8]. The landscape of cybersecurity continues to evolve as companies find new and innovative ways to both satisfy their employees and conduct secure business processes efficiently. Cybersecurity for an enterprise is not a one-size-fits-all matter and must be tailored to the business. Reach out to a qualified cybersecurity professional for guidance on the proper implementation of remote work-from-home infrastructure to keep business data secure.