For many organizations, working from home (WFH) was uncommon, especially for traditional office workers in horizontal business functions like finance, human resources, marketing, and so on. In addition, these workers are used to going to someone’s desk when they need something. This affects usage in two ways: remote access is now critical for many employees, and communication and collaboration solutions are essential for many employees’ effectiveness at work.

During this pandemic, we’ve seen increased hacker activity, with spam and phishing attacks on the rise. In addition, new methods are sometimes employed to commit fraud or otherwise harm organizations due to changes in use. For example, once Zoom became widely used for meetings, hacker “Zoom bombing” became a foregone conclusion.

Of higher risk would be a renewed focus on home networks as WFH becomes a new reality for many.

“How should we adapt our cybersecurity controls to address the new WFH reality?” This question is top-of-mind for CIOs and security executives. When it comes to cybersecurity in the post-COVID era, every CIO needs an answer to three key questions:

  1. What are the changes in usage patterns and architecture in my IT environment?
  2. How do these changes affect risk?
  3. What changes do I need to make to my cybersecurity posture and control environment?

Your 10-point long-term WFH to-do list

The advice below assumes that the fires associated with triaging the existing control environment have all been put out and the environment is at least temporarily stable.

In the next six months:

  • Automate, automate, automate – look for ways to ensure patching, password resets, change control, incident management, and other manual processes are automated wherever and whenever possible.
  • Deploy multifactor authentication everywhere – one lesson that should be apparent to anyone is that you can’t rely on passwords for anything, even inside an organization. Though not a silver bullet, multifactor may be the closest thing to a magical elixir cure-all that can reduce risk everywhere.
  • Develop a BYOD plan, even if you normally don’t allow BYOD – ensure you have a way for unmanaged devices to access organization resources without compromising on protection. This includes paying attention to home network security.
  • Review your data governance policy and program – ensure that owners are identified and any policy issues associated with the content are addressed, such as jurisdictional issues with cloud environments.
  • Upgrade the 3rd/4th-party compliance program – create a program of continuous compliance that does not require site visits. Rely on 3rd-party audits, continuous reporting of activity and controls, and robust architecture for protection.
  • Assess the need for location- or asset-oriented controls – work to eliminate the need for applications to run on a certain device or be in a certain location or on a certain network in order to provide protection.

Within 18 months:

  • Create a virtual Security Operations Center (SOC) – either through a managed security service provider (MSSP) or by leveraging software as a service (SaaS) solutions, build out a SOC for anytime, anywhere monitoring.
  • Separate application and data from network and device security – ensure that applications and data are protected when accessed from any device on any network path.
  • Implement a Cloud Security Gateway and/or Environment – create a cloud-based environment to route any/all network traffic through to apply applicable security protection.
  • Develop a Distributed Integrity architecture – incorporate encryption and integrity into data and applications.

Lindstrom, Pete. “A 10-point plan for addressing WFH cybersecurity challenges.” CIO, August 2020.

As a business owner, you should do everything within your means to limit your company’s risk to ensure that you are taking every precaution to keep your business running smoothly and protect your biggest investment.

Faced with such a range of obstacles, businesses need to change the way they prioritize cybersecurity. If you have not already done so, the first step is to create a cyber readiness plan that includes layered security that protects against, detects and responds to attacks.

Give us a call at 732.780.8615 or email us at [email protected] if you would like more information on strategies to help protect your business against security threats.