IMPACT ON ORGANIZATION SECURITY DUE TO WORK FROM HOME
The World Health Organization (WHO) has categorized the coronavirus (COVID-19) outbreak as a pandemic. This infectious disease has literally paralyzed the world economy and interrupted free circulation and goods and individuals all over the world. Lockdowns are currently the new norms. While the world is trying to re-awaken to this extreme surge of cases without tangible and plausible solutions, the daily routine of lucky workers who are either too valuable to their organizations or whose services can literally be offered irrespective of their location has been narrowed down to this once loved and appreciated luxury “Work From Home”.
It is systemic, high-profile organizations such as Google and Microsoft are encouraging or mandating their staff to adopt a work-from-home policy. That is easy for such giants and entities with ready infrastructures and policies on remote working. In these companies, the majority of staff are already laptop users. Mobility and remote logins have been in force long before the outbreak.
However, for smaller companies and organizations, remote working is probably a privilege for a limited few and generally revolves around emails or non-operational systems depending on sectors. CIOs and CISOs have surely had to step up during the last couple of months. It is common knowledge that a network is vulnerable when it is being accessed remotely through VPNs. Looking at the cybersecurity landscape since the inception of this biological catastrophe, what can we pinpoint as the consequences of the “Work From Home” requirement on less ready organizations or simply on business entities in general out there?
It would be presumptuous to carry out an analysis per sector of activities. However, the bottom line is that organizations’ data security is simply more vulnerable than ever irrespective of the domain of activities. While few industries like banking and finance and government datacentres are high on the scale of criticality, entities in the health sector still remains real targets; case in point, the World Health Organization has been hacked during this pandemic. The threat is real and more so with the increase of the “WFH” necessity.
For some companies, the sudden surge of remote workers will make it difficult to support a large number of simultaneous VPN connections to their infrastructure and services. Some employees will find it difficult to access the organization resources required for their daily task. This will significantly lower the productivity and affect deliveries and service quality and eventually the client satisfaction and the company’s returns.
In other cases, the VPN access may not be properly implemented. There might be issues with authorization and authentication policies. As a result, some employees may end up accessing data above their clearances. A core goal of cybersecurity entails privacy of information and data from people outside the organization as well as within. The whole purpose of security will thus be jeopardized, and leadership integrity probably compromised.
The more people work from home, the more difficult it is to enable encryption levels for all endpoints. This should be a priority as it minimizes the risk of having sensitive data accessed or compromised due to device theft. However, this will require a stronger maintenance team at the background and given the economic downturn, although the necessity outweighs by far the cost, it is still not without cost to the organization especially in a context of global economic recession.
Working from home is slowly becoming the new norm, as a matter of fact “study from home” is on the rise. The education sector is a good case in point: universities have been delivering distance learning as a feature for some time, while high schools and others are decreasing their dependence on staff and pupils being on-site to learn. In as much as it appears convenient and necessary to curve the rising toll of COVID-19 cases, it remains nevertheless a major preoccupation for organizations’ data security. More than ever, cybersecurity measures need to be implemented and scrupulously followed, otherwise coronavirus might not be the only disaster the planet is to face, but an unprecedented global privacy breach..