Businesses across the globe have transitioned to a remote workforce and working from home has become the new norm. This has highlighted several challenges for organisations from both an operational and security standpoint which requires a business continuity strategy.
Doros Hadjizenonos, regional sales director at Fortinet
To address these challenges, organisations must remain agile to help keep business moving during and after Covid-19.
Here are considerations to maintain business continuity amid changing workplace operations:
Conduct a security risk assessment
Because many employees are unable to take their work desktops with them into their home office, they need to leverage web portals and virtual private networks (VPNs) to get their job done. With this several new security risks come to light. For this reason, it is important that organisations reassess security risks from a more comprehensive point of view.
Business continuity and disaster recovery plans are critical, as is a comprehensive security policy that covers things like remote access protocols and managing user-owned devices on the network. It is also imperative that IT teams are able to ensure that all devices connecting back to the network meet network security standards before they are allowed to connect.
Additionally, organisations must confirm they are keeping pace with patch management and maintaining a comprehensive security posture through the use of controls and automation.
Set up and securing a remote workforce
Organisations need to make certain that access control policies ensure that all business-critical users and devices have access to the resources they need to perform their jobs. Businesses must also validate that these users and devices are secure. There are two major issues to focus on to best support a telecommuting workforce:
- Training - organisations must devise a plan for delivering online training to those users who need to learn how to access systems remotely and securely. Remote work tools, such as conferencing platforms, generally put access to your internal network into the hands of users and devices that may not stand up to your security standards. Training these users to recognise red flags will be essential to protecting your more widely distributed network
- Email - currently, the majority of cyberattacks occur via email. In an attempt to steal personal and financial information, cybercriminals have been launching phishing attacks to exploit the current crisis. It is essential, therefore, to have the right security controls and training modules in place to protect your business, your employees, and your customers from compromise.
Business continuity plans have become even more valuable as Covid-19 sweeps across the globe forcing us into physical distancing and then lockdown...
3 May 2020
Test existing security controls and automation
Organisations may be constrained by the number of security workers available to manage ongoing issues and be forced to rely on technology and automation to take care of low-hanging fruit.
Although they may face more alerts, and generate more security data to analyse, organisations with proper controls in place prior to this shift should be well equipped to maintain smooth business operations.
Many businesses may not have had the controls in place to support a remote workforce. For these organisations, controls will have to be built from scratch. This could take some work, as they will need to build controls from the ground up without much of an idea of what their security baseline previously was or how security events could affect them in the future.
Regulations such as POPIA are going to strain the ability of enterprises and service providers in this new environment to maintain required levels of privacy.
While working from home has been gaining in popularity for several years, many organisations have still hesitated to move to remote telework. However, in the wake of the current public health crisis, many of these businesses have been forced to relent. As they test this new working environment, there is a possibility that we will begin to see a cultural shift in how people do business.
As we navigate through largely uncharted waters during these unprecedented times, many new questions and challenges will arise concerning security. Though we may not have all of the answers now, it is nonetheless critical that businesses do their part in securing customer data, employee operations, and business continuity as best as possible.
By leveraging security tools and resources, business leaders can establish best practices and get the support they need to protect their organisations during these times of rapidly evolving workplace operations.