COVID-19 has accelerated the adoption of remote working practices: Anil Bhasin, Palo Alto Networks
Business continuity will fall apart if employer and employee fail to maintain the same level of security as at the usual workplace, states Anil Bhasin, Regional vice president, India & SAARC, Palo Alto Networks
We are walking the talk by fully leveraging our own cloud-delivered network security product, Prisma Access, to securely connect all employees to the applications they need. The majority of apps and infrastructure we use are SaaS or hosted in public cloud infrastructure like GCP, AWS and Azure providing resiliency and scalability as needed.
We have also transitioned our internal Security Operations Center (SOC) to a remote model in which all our analysts are working from home—the SOC is fully operational and continues to monitor for threats as our own user population shifts to remote work via Prisma Access.
Our business continuity plans are consistent with industry best practices and include workarounds for possible disruptions to our people, facilities, applications, dependencies, and vendors. The all-hazards, multi-scenario approach is designed to ensure the continuity of not just ourselves, but the remote workforces of our all customers.
Key challenges
The nature of our business means that our team has a deep understanding and awareness of what it means to secure our enterprise. However, we know that our customers can face a number of challenges in their respective industries.
The availability of SaaS and cloud-based applications has made it easier for several organisations to facilitate remote work. However, to deal with the challenges and risk factors of remote working, organisations need to adopt a preventative approach to security to ensure long-term operational efficiency, especially during this period of uncertainty.
To do so, organisations require having complete visibility of every device connecting to the network for effective security management. A great way to achieve this is by increasing the levels of security automation. This can help organisations detect and respond to threats near real-time allowing unusual or unauthorised activity to be neutralised swiftly and accurately.
However, technology is just one aspect of cybersecurity. The importance of cybersecurity hygiene cannot be underestimated and should be a shared responsibility between organisations and employees.
This can be achieved by:
* Developing a remote access policy to help educate employees on cybersecurity hygiene and best practices, such as how to identify and avoid risks.
* Continuous education and reminders on good cybersecurity habits, as this is paramount for all employees to be able to work from home seamlessly and securely.
Key lessons learnt
Cybercriminals have been exploiting fears around the COVID-19 outbreak to conduct email scams, phishing and ransomware attacks. These emails and messages entice users to open malicious attachments by offering more information related to the COVID-19 situation, but instead contain malicious files masked under the guise of links, pdf, mp4 or .docx files.
As a first step, employers need to prepare employees who are unaccustomed to remote working to navigate the challenges involved.
This can be done through the development and implementation of an educational framework to teach staff how to identify and avoid risks, as well as outline the clear procedures to follow in case of a cybersecurity incident.
Important considerations to incorporate within this framework include:
* Reminding users not to click on links or open attachments found in suspicious-looking emails or messages relating to the COVID-19 outbreak.
* Helping employees understand how to ensure that they are using a secure connection when accessing the virtual work environment and avoid using unsecured public Wi-Fi connections for sensitive work.
* If the separation of devices is unavoidable, personal electronic devices should have the same rigorous security measures taken with company-provided ones and should be equipped with up-to-date security and anti-virus software, together with the necessary privacy and encryption tools.
Employers also need to evolve their IT environment to better support remote access solutions and provide authentication and secure session capabilities:
* Sensitive systems and data should be restricted where possible, with access reviewed and granted to essential teams only.
* There should be adequate IT support staff on standby to guide employees and deal with any problems they might have.
* Work devices need to be able to encrypt data at rest and protect data on the device if it is lost or stolen.
Tips to secure the work from home environment
Ensuring employees are inside the security bubble and vigilant about preventing cyberattacks requires investment in time, resources and equipment. The whole premise of being able to work from home to maintain business continuity falls apart if the employer and employee fail to maintain the same level of security and practices as at the usual workplace.
Here are some tips to secure the work from home environment:
Devices – only allow authorised devices to access the corporate network for business execution.
Education – Regularly reinforce to employees about the need to exercise the same level of cybersecurity discipline when working from home. There is an opportunity for corporations to develop cybersecurity materials for workers to share with their families to encourage and instill awareness.
Training – Irrespective of where the employee is accessing the network, the provision of up-to-date training and testing employees’ understanding and awareness about good cybersecurity practices is critical. As telecommuting becomes the norm for the foreseeable future, it is prudent for these tests to reference best working from home practices and highlight traps to avoid.
Firewalls – Install next generation cybersecurity solutions as these are designed with remote workforces in mind and allow the extension of firewall-based policies. This gives employees an opportunity to access sensitive resources securely anywhere in the world.
Cloud – Employees using cloud-delivered applications and services must only use those approved by their employer and accessed via the corporate network.
Common IT infrastructure architecture secures the corporate headquarters, branch offices, data centres and remote access, preventing a multitude of cyberattacks. However, we are increasingly seeing that businesses are opting for network security to be delivered via the cloud, protecting users, data, applications and sensitive information, helping to eradicate the differences between office and home working from a cybersecurity perspective.
Today’s employees no longer find themselves bound to the confines of their static workstations, as they seek out flexible working arrangements to improve their work-life balance. Employers have also become more open, embracing greater flexibility at work by enabling their staff to work from cafes, co-working spaces, or even the comfort of their own home.
Device makers and service providers are recognising this tremendous market opportunity, and have been consistently improving and targeting their enterprise offerings to those who wish to use their personal devices at work. Apple, for example, recently announced a partnership with Deloitte, aimed at helping businesses build productivity solutions across enterprise functions such as retail, recruitment and back-office systems. Similarly, Microsoft has greatly simplified the BYOD experience for Windows 10, allowing users to add work accounts to their personal devices, and enabling integration with Azure Active Directory, Microsoft’s cloud solution that manages identity and access for users of its software.
For now, employers could begin looking at how they can potentially evolve their IT environment to better support the cross-usage of personal devices at work, remote access solutions and authentication and secure session capabilities, for use both now and in the future.
While many companies are not ready for large-scale remote working as yet, they are adopting workarounds because their infrastructures are not equipped to handle 100% remote work force policies. The COVID-19 outbreak has, of course, accelerated the adoption of remote working practices, but we do foresee telecommuting becoming the norm for more organisations in the future.
As a first and vital step, employers need to prepare staff to navigate the challenges involved in remote working, particularly if they are unaccustomed to it.
