Traditionally, the IT Unit ensures that businesses are secured based on the various security measures put in place. The remote working model trades off some of these security gains by granting access to employees via the internet, from their respective locations. These trade-offs are inevitable to ensure business continuity during this period, but several measures need to be put in place to safeguard the organisation’s data and information from un-authorised access.
While a significant increase in demand stresses IT infrastructure at this time, cyber threat actors are actively seeking to exploit weaknesses that may exist in newly implemented or temporary IT infrastructures.
Companies do not have enough time to create the armies they need. While many organisations are now reconfiguring networks and systems to serve the needs of fully remote workforces, the success of these transformations is often being limited by less-than-optimal technology capabilities.
There is a need to protect IT resources by using a second source of validation apart from the usual username and password, like a phone or smart card to verify user identity before granting access to the organisation’s network. Multi-Factor Authentication (MFA) ensures that your workforce is using the most secure ways of accessing IT resources no matter where they are without any difficulty. Employing multi-factor authentication provides the security that a business needs while still being easy to use for the user. Securing access to applications when employees are outside of the company network can be difficult but using MFA provides the reassurance that applications are accessed securely.
The IT Team should enforce strict passwords even more stringent than Active Directory and search a database of banned passwords, preventing users from setting vulnerable passwords. Organisations that adopt the remote working model should enforce a secure password policy; requiring users to use complex configurations of symbols and letters. The use of old passwords must not be allowed. The IT Team, in collaboration with the HR Unit, must ensure regular training of employees on the proper use of resources to avoid unintended security breaches.
Data leaks, online fraud, and constant network breaches are indications that information security threats are real and present danger to global businesses. It has become necessary to address this at the highest management level. Since the outbreak of COVID-19, many businesses have been hacked, more are still being hacked, and several are going to be hacked, since remote working is now the globally acceptable business model during this pandemic era.
Every time security breaches happen, companies suffer the loss of resources and reputation sometimes irreparably. The damage this does to an organisation’s reputation affects its capacity to continue business with suppliers and clients alike, leaving uncertainty and possible collapse in its wake. The threat landscape currently is complex and continuously evolving. Most organisations are forced to adopt the remote working model to ensure business continuity, even when they are not well prepared for it. Top management must work collaboratively with the IT team to stay ahead of hackers and cybersecurity criminals.
Business continuity, infrastructure security, data and information protection and employee safety are of paramount importance to the top management of every organisation. They are accountable to the business and must stay a step ahead always. Management must ensure to use only trusted resources for the business needs, outsource to trusted partners and provide access to reliable and authorised people only.
Top management must ensure the right information are passed across to all employees to prevent grapevine rumours, making sure relevant information are communicated regularly using the approved collaborative tool. The Corporate Communication or Human Resources Division must be the conduit for direct organisational updates to all staff. Effective usage of collaborative communication tools must be encouraged to establish a forum, and frequency, to share basic safety tips, best practices or any other security-related issues within the organisation. Also, top management must provide staff with guidance on choosing appropriate and official news sources concerning COVID-19, which will help to limit panic, media hype effect, allay fears and instil hope and confidence in the heart of all personnel.
At pcl. we support organisations to develop and implement remote working infrastructure and security for sustainable operations.
Written by:
Tope Jooda
Consultant
