7 Critical Cybersecurity Strategies for Safe Return to Work

For months, organizations have been fighting against cyber threats and fixing the gaps in cybersecurity strategy that could open the door to hackers. As workplaces and schools plan to reopen, Ryan Benner, Anexinet’s  Vice President of Infrastructure Services outlines seven critical security strategies that can aid a safe return to work. 

In April 2020, Gallup data revealed that 63% of US employees worked from home over the past seven days—the majority due to the COVID-19 pandemic. In addition, a March 2020 Bloomberg report revealed that 44 million K-12 US children started backfilling classroom work with an online curriculum. It’s plausible that many of these K-12 students are also using their parents’ laptops for schoolwork, and perhaps engaging in other more risky online activities. 

This sudden shift from the cubicle to kitchen table, classroom to curb has opened a host of new challenges for those in charge of keeping criminals out of corporate networks.

William Altman, the Senior Analyst at the Global Cyber Center of NYC, underscores today’s cybersecurity concerns in Forbes.com, “Organizations of all kinds are facing an uptick in email-based threats, endpoint-security gaps, and other problems as a result of the sudden switch to a fully remote workforce…It’s now more important than ever to consider both the security practitioner as well as ethical-hacker perspectives in order to stay secure, that#39;s what this is all about.”

Put another way, all these displaced students and employees working at home on laptops created hundreds of thousands of new network-entry points. It takes just one bad guy finding one weak spot to put an entire organization’s network at risk. This problem will persist for some time and explains why over 250,000 cybersecurity jobs are currently posted on LinkedIn.

An organization that fails to enact all the current security patches as people shifted to remote, or that takes shortcuts with respect to policies and controls runs an elevated risk of malware and ransomware finding its way onto remote devices. As these devices are brought back into classrooms and corporations, some of these dormant security threats could activate and infect other devices or data center services.

Learn More: 5 Ways SOAR Helps Protect Remote Workers from Emerging Cyber Threats

Criminals don’t adopt things that work and then abandon them. They stick with the vulnerabilities that produce results. The human element is always the weakest link in the cybersecurity chain. The fear, doubt, and uncertainty surrounding the COVID-19 pandemic create a ripe environment for phishing attacks. In fact, the FBI warns that emails claiming to be from the Centers for Disease Control and Prevention are fraudulent and are using links to deliver malware or conduct ransomware attacks.

To help prevent these attacks and create a strong defense now — and as people return to school and offices—cybersecurity professionals should keep these seven steps in mind:

1. Conduct a security risk assessment often
2. Using your risk assessment, develop a security program charter, and build a Defense-in-Depth cybersecurity strategy to meet the goals
3. Find the right mix of tools to mitigate your risks. Consider next-gen firewalls, endpoint protection, DNS security, email & web securityOpens a new window as well as intrusion detection software 
4. Assess your critical data and create protection and backup policies with redundancies that prevent serious business impact from potential data loss and extortion   
5. Establish semi-annual, mandatory security awareness training for all staff 
6. Use security information and event management (SIEM) tools in a highly-distributed environment to issue alert on suspicious events 
7. Establish vigilant patching and compliance procedures

Learn More: IT Leaders: Don’t Overlook Security Awareness Training for Employees

Charles Darwin reminds us that “it is the one most adaptable to change” who survives. The COVID-19 pandemic has forced change upon us all: at work, home, and in social interactions. The organizations that have elevated attention to their security posture will adapt to post- COVID IT operations far better than those who ignore them. 

Keep in mind that these two situations will always remain constant:

1. Security should never be just a point product
2. You can’t fully control where and when people work, but you can control the network

Knowing these truths will help insulate networks from the ever-present “bad actors” waiting to exploit any opportunity.

Comment below to let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!