While more businesses are returning to the office, the world we live in is still very far from ‘normal.’ As companies play catch up to our new reality, they will need to re-establish effective controls over new working models and IT and security challenges.
During lockdown, enterprise organizations experienced an 85% increase in phishing attacks targeting remote workers. It’s easy to expect that we’ll continue to experience similar attempts by hackers when employees return to work. Add with the increase of network-connected IoT devices in the enterprise, you’ve got a storm of potential vulnerabilities brewing. Not just staff members and employees who return to the office, but hybrid and full-time remote workers, are utilizing more personal devices than before, adding even more challenges to data and system security.
The onset of COVID has heightened just how important investing in cyber security is. With CISOs and IT departments plugging away at setting up and improving WFH security, they’ll soon become even busier with updating in-office security (if they haven’t started already). In the meantime, here are a few ways your enterprise organization can protect its network from increased vulnerabilities:
- Restrict managed corporate devices to accessing specific networks. Whether it be a company laptop or a dedicated phone, all work-specific devices should connect to secured networks or use VPNs (or SWGs, or SASE solutions) when connecting through generic Internet access and unsecured networks. At home, provisioning corporate Wi-Fi through remote or teleworker APs allows users to segment corporate data from home consumer devices. This will reduce exposure to any vulnerabilities that come from home IoT devices, personal phones or laptop, and even your children’s devices.
- This leads us to BYOD policies – if your organization has a BYOD policy, reevaluate it for the hybrid and/or in-person work environment. With so much activity happening remotely, on mobile and personal devices and in the office, it’s worth considering whether or not your company’s data should be able to be widely accessed. If you do allow BYOD access models to corporate data, make sure your policy and controls address the proper visibility and control such as an MDM or agent that ensures the organization has control over its data security.
- Eliminate lower tier attacks by equipping employees with antivirus protection licenses for use on their personal computers. This is extremely valuable if your organization has a BYOD culture. Like other protections, this won’t prevent 100 percent of attacks, but it does provide another level of protection.
- If anything, COVID-19 taught us that preparation is key. Conduct frequent cyber crisis scenarios to ensure your organization is prepared to respond to a cyberattack. This will help you determine where your greatest vulnerabilities lie and present you with the opportunity to update networks and systems before it’s too late.
The ability to react quickly to unforeseen events comes with preparation and an investment in cybersecurity. In today’s landscape, it’s important to stay ahead of the curve and look at what’s coming rather than just the situation at hand. An investment in security is an investment in your stakeholders and employees as well as a key indicator of organizational success.
Drop us a note or contact us for a free consultation to discuss your options for building a trusted remote or in-house network with best-of-breed security solutions.