As the restoration of normal working life begins post-pandemic, cybersecurity teams face a new trial: ensuring that employees return to work securely, without triggering a security incident. Even though cybersecurity professionals have spent the past two months trying to secure the new borderless enterprise, no organization is immune to the threats that another shift in the network brings.
Unlike the rushed, unexpected manner in which many organizations sent their employees home, the return to the office is something that can be planned and prepared for in a more organized and orderly fashion. Cybersecurity teams must not miss this window – they need to act now to ensure the necessary processes and tools are in place before employees head back to their workplace.
Steps to ensure a safe return to work
To reduce risk and facilitate a quick return to normal operations, cybersecurity teams need to consider what threats employees may bring back with them to the office environment. Once these are identified, cybersecurity teams must take proactive steps to mitigate these risks. Below are three key factors to consider as organizations prepare to return to work.
Patching: Remote working creates new cracks through which users can slip. For instance, a VPN might not be able to sustain the high traffic generated by so many employees working from home; with users not connecting to the VPN for extended periods, their laptops or desktops may fall behind on regular updates and patches.
Some computers and servers left on premises may have been shut down throughout the home-working period and could also have missed regular security upgrades. Before employees return to the office, cybersecurity teams must make sure that all software is patched across all devices, or they may expose users to cyber risks.
Cleaning devices: Devices must be screened and cleaned in a staggered manner before being connected to the company network. This is essential to reduce risk and can be enabled by security technologies like Mobile Device Management (MDM), which provides security features throughout the lifecycle of devices, apps, and content. That lifecycle typically consists of three phases, with some of the most important security features being:
- Provision: Establishing policies and configuration, installing and encrypting apps and data, installing and configuring antivirus and firewalls;
- Production: Backing up data, updating apps, applying patches and security updates, enforcing updated security policies, monitoring and tracking security violations and threats, and compliance activity-logging;
- Decommission: Disabling lost or stolen devices, remote locking, and disabling network, app, or data access.
Understanding false positives: We know that, before the pandemic, more than 50% of organizations thought their network security analysts were overwhelmed by the vast array of data points and endpoint devices they had to track. The number of endpoints will have surged in the last two months. For security teams with identity and access management (IAM) protocols in place, this will have resulted in high numbers of false positives, triggered by employees logging on from different places. As employees gradually move back to the workplace and once again change where they are logging on from, no doubt some IAM systems will again be triggered and generate false positives.
Addressing these alerts is not only demanding for security teams; there is also the possibility that cyber-criminals will get lost in this noise, their malicious behavior going unnoticed in a sea of alerts. To reduce the risk of false positives wreaking havoc in the security operations center, cybersecurity teams should consider introducing multi-factor authentication and reviewing single sign-on for critical applications.
Furthermore, implementing security orchestration, automation, and response (SOAR) technologies can help cybersecurity teams to define, prioritize and drive incident response activities with improved accuracy and speed. These technologies are well worth the investment. As well as being immediately effective in the interim, they also have long-term benefits – for example, reducing the time to onboard cyber analysts and improving security operations center management.
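To make the false-positive problem above concrete, here is an added example (constructed data, not code from the original article) that triages sign-in events two ways: a naive rule that alerts on every source network outside each user's remote-work baseline, and a tuned rule that treats the known office egress as expected and uses the MFA outcome for familiar networks. The user names, IP ranges and events are all assumptions made up for the illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample data: documentation/reserved ranges, fictional users.
OFFICE_NETWORKS = [ip_network("203.0.113.0/24")]      # corporate office egress
HOME_BASELINE = {                                      # networks seen while remote
    "alice": [ip_network("198.51.100.0/24")],
    "bob":   [ip_network("192.0.2.0/24")],
}
# Sign-in events: (user, source IP, MFA challenge passed). Constructed.
EVENTS = [
    ("alice", "198.51.100.7", True),   # still working from home
    ("alice", "203.0.113.10", True),   # first day back in the office
    ("bob",   "203.0.113.22", True),   # back in the office
    ("bob",   "192.0.2.9",    True),   # home again
    ("bob",   "192.0.2.77",   False),  # home range, but MFA failed
    ("alice", "100.64.0.5",   False),  # never-seen network, MFA failed
    ("alice", "100.64.0.5",   True),   # never-seen network, MFA passed
]

def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)

def classify(user, ip, mfa_passed, naive=False):
    """Verdict for one sign-in.
    naive=True is the rule that floods the SOC: alert on any source network
    outside the user's remote-work baseline, so the whole office looks
    anomalous on the day people return. The tuned rule treats the known
    office egress as expected and uses the MFA result for familiar networks.
    """
    addr = ip_address(ip)
    known_home = in_any(addr, HOME_BASELINE.get(user, []))
    at_office = in_any(addr, OFFICE_NETWORKS)
    if naive:
        return "ok" if known_home else "alert:new-location"
    if not (known_home or at_office):
        return "alert:new-location"           # genuinely unfamiliar network
    return "ok" if mfa_passed else "alert:mfa-failure"

def triage(events, naive=False):
    """Count verdicts for a batch of sign-in events."""
    return Counter(classify(u, ip, mfa, naive) for u, ip, mfa in events)

if __name__ == "__main__":
    print("naive:", dict(triage(EVENTS, naive=True)))  # 4 of 7 sign-ins alert
    print("tuned:", dict(triage(EVENTS)))              # 3 alerts, all worth a look
```

The naive rule raises an alert for both returning employees and nothing for the failed MFA attempt on a familiar network; the tuned rule drops the two office alerts while still surfacing the unfamiliar network and the MFA failure.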
The current climate has put a lot of strain on cybersecurity teams but it can also be seen as a window of opportunity. The pressure and threats brought about by the pandemic have forced many organizations into action and pushed them to innovate.
For the traditionally conservative cybersecurity department, now is the time to embrace new technologies and make decisions that will not only safeguard the organization against current threats, but also be a positive differentiator in the post-pandemic world.