Trouble sleeping at night?
In the current heatwave I, along with many others, are struggling to sleep.
It was during this constantly sweaty, fidgeting state that I thought about how many others were experiencing the same uncomfortable night, perhaps hatching plans to install air conditioning just like “in the office.”
I also realised that some poor souls have likely had these sleeping troubles the past few months.
Not because of the hot weather, but rather night after night worrying about the security of their IT infrastructure and the whereabouts of their business data now workforces are scattered all over the place.
Users have been working from home, trying their best to deal with the situation, while at the same time unintentionally expanding the once known and secured boundaries of the corporate network.
In the rush to keep businesses running, compromises were made. Certain practices were put in the “acceptable risks” category. After all, “it’ll only be temporary,” right?
Employees took their laptops home, some even their office PCs and phones, and with their usual, unsung ingenuity, IT departments got things running.
In typical IT fashion, the chosen solutions likely included a number of acronyms: VPN, RDS, RDGW, SDWAN, VDI, ACL, IPSEC, SSTP, DSL, IPS, I could go on…
Whether accessing data in the cloud, the data centre or the head office, IT teams worked their magic and most of us have appreciated the ability to work remotely.
While some businesses are re-integrating staff into their office buildings much to their DPO, CISO and IT department’s relief, many are still considering their options.
COVID-19 is still a very real threat and asking staff to get back on crowded public transport to congregate in one, air-conditioned place is a risk many are not willing to take.
Other businesses are even considering if the ‘old way’ of working is really needed any more and could this more flexible, diverse and often more productive way of working continue once the pandemic is a distant memory?
Spare a thought for the CISO though.
With so many changes thrust upon the world, every CISO out there found themselves in a unique situation. Even in the depth of Hollywood fiction, entire countries going into lockdown was not a realistic enough storyline, so how likely would it have been in a business continuity plan?
Yet in March 2020, a month that will live on in infamy, that is exactly what happened.
CISOs were thrust into an impossible situation – bend, brake or quickly re-write security policies, or risk having to shut down the business.
In this situation, keeping trading had to be the priority but unfortunately there was one ‘trade’ out there that has flourished as panic and confusion ensued.
Cyber-crime, almost before people had gotten home from work the final time, phishing attempts had spiked, preying on the fear and confusion the global pandemic had caused. Malware was published as COVID-19 tracking software and this malicious onslaught has since continued.
Many IT and security departments have been reacting to the situation ever since, keeping things afloat, and while users chug along, IT teams are stretched, keeping the equilibrium, hoping for things to return to before as soon as possible.
If you run an in-house IT department or use a third party partner, now is the time to take stock of your landscape and understand the risks that have been introduced.
Based on this new landscape, some questions to ask include:
- Are all workers using known, company managed computers to access the office network?
- Do these machines conform to your corporate antivirus and patch management policies?
- Do you have people connecting their machines via their home network?
- Is everything on that network secure, supported, patched and known to your security team?
- Does this connectivity conform to all corporate compliance requirements?
- Do users need additional cyber security training to keep them safe?
- Have you provided a best practice guide on video conferencing / screen sharing?
- Do people need additional training?
- Is their internet connectivity stable enough to remain productive?
- Can the company afford for a broadband issue to disrupt a user’s connectivity?
- Are your users able to organise their workspace so confidential data on their screens is kept confidential from others in the home?
If you and your cyber security team still feel that this is a minefield they are in and if you, your CISO or your IT team are still lying awake worrying about the security of your data, IntraLAN can help.
Our solutions can help, from end user phishing training, to dedicated business grade broadband, and even a solution where users can carry a security bubble with them (meet Work IN).
Working from home is going to be a far bigger part of everyone’s life for the foreseeable future. It is vital that you understand the risks as quickly as possible. There will always be new threats on the horizon, but if your cyber security team is constantly looking back at the new landscape, it will be much harder for them to keep their eye on that horizon.
At IntraLAN we can help your CISO return to the relative safety and security they had built for your business so they can return to their job of looking forward, keeping you and your data safe.
I, for one, think that our solutions will help your team sleep better at night. Well, once it’s cooled down a bit at least…