Keeping information security top of mind through COVID-19 response
Remote workforce risk and security best practices
April 3, 2020 | By: Kory Patrick
Navigating the implications of the COVID-19 pandemic is unprecedented. Our first and foremost priorities are ensuring we’re supporting our employees, consultants and clients across the globe. As a full-stack technology and talent partner, we want to share our experience and offer support in how to alleviate the uncertainty around mitigating risk as many businesses shift to a primarily remote workforce for an indefinite period of time.
Pandemics have been written into crisis communications plans for over 20 years as a potential scenario to be considered. But it’s not until now that these plans are truly being tested—this pandemic is unprecedented in the modern business era. Many companies typically operate from large campus environments—and within a week, many have gone to nearly all-remote workforces. From a risk and security perspective, what should be top of mind as organizations start prioritizing business continuity and resilience?
A secure mobile workforce
As the world catapults into remote working, being mobile poses real security threats. Utilizing VPN, cloud and personal devices for work has created vulnerabilities. Is this expected? Absolutely. Companies and people are trying to do the right thing. Right now, availability is what we’re trying to preserve. However, it’s never been more important to have a plan on how to respond if those identities or systems are compromised. In the future, we can expect to see organizations rethinking remote connectivity and investing in security tools that mitigate risk and allow folks to properly utilize their devices.
From an infrastructure perspective, the most at-risk organizations are those just beginning (or haven’t even begun) their cloud journey. With internal infrastructure that requires most employees to report to brick and mortar buildings, there is additional strain on networks, bandwidths and resources to support remote. Regardless of how long this current situation lasts, the future of work is remote-enabled and the need to scale remote access is pertinent. It’s clear that organizations who are cloud-first will be more resilient and agile in the face of adversity.
Process changes and privacy
Right now, most business is being conducted in people’s homes, on personal devices and around immediate family members. This enforces the need to be proactive with privacy and compliance— it’s challenging when the data and identities you’re trying to protect are fluid across an enormous scale of IoT devices that are being pushed out to vulnerable home networks. This age of IoT presents increasing risks in cybersecurity and identity access management.
As for the long-term security impact? Still not mission critical. However, it is certain that mitigating risk and securing businesses via disaster recovery and business continuity will be more top of mind than ever before.
Kory Patrick is the risk and security practice leader at TEKsystems. He leads advisory and consulting services for the enterprise environment focused on reducing risk to the business by addressing security, privacy and compliance challenges through effective governance, identity and operations management in cloud, on-premise and remote environments.