For businesses across all sectors of the global economy, cyber security has become one of the biggest risk factors associated with the Covid-19 pandemic. Remote working has become the emergency solution for many businesses who have had to send their workforce home, whether to avoid transmission of the virus or because there isn’t enough business to justify people coming in, digital identification and cyber security are critical.
Businesses know they must rapidly innovate, take advantage of new digital tools and leverage cloud services to emerge from the crisis ahead of their competitors with momentum for the long-term transformation of their business in the altered global landscape. This innovation is good news, but it is coming at a cost. As digital spreads its roots deeper, it also increases the risk and impact of cyber attacks.
The World Economic Forum’s COVID-19 Risks Outlook found 50% of enterprises were concerned about increased cyber attacks due to a shift in work patterns alone. These concerns are merited. Hasty and unplanned decisions related to digital transformations will add substantially to the spate of cyber security issues.
Cyber security matters even more given the increased dependency on digital infrastructure to ensure collective resilience. Many of the industries which are transforming serve critical functions – and a break in their supply chains could affect the movement and availability of life-saving drugs, components, equipment and raw materials. So the key question would be:
How to ensure cyber security in the midst of this accelerated digital transformation?
THE KEY: Secure implemented remote working modality
1.Monitor for shadow IT and move users towards approved solutions.
Review web traffic logs to monitor for the use of shadow IT (e.g. file sharing, video conferencing, and collaboration tools), and work to implement and move users towards business-approved and secured solutions (e.g. using Cloud Access Security Brokers and web proxy filtering).
2.Ensure remote access systems are fully patched and securely configured.
Review all remote access systems to ensure critical security patches have been applied and secure configurations have been used. Identify any vulnerabilities or configurations using penetration testing or red teaming. Work with IT teams to integrate rapid and agile security testing into the deployment of new remote access systems. Secure configurations should also be applied to email, identity management (e.g. Active Directory) and conferencing systems used by remote workers, for example by disabling legacy authentication protocols.
3. Ensure on-premise security controls still apply to systems when they are not on the internal network.
Map out the network-centric border security controls that apply to devices when they are on the internal network and evaluate whether a similar control set still applies to network traffic from systems not on the internal network. Confirm web browsing is secured by web filtering when working remotely and, if not, consider deploying a cloud-based web filtering solution to detect and prevent malicious web traffic. Configure this to restrict the types of websites that can be accessed, restrict file types users can download and block access to newly registered or untrusted domains. Confirm DLP and other security controls on laptops perform as expected when devices are removed from the internal network for extended periods of time.
4. Monitor remote access systems, email and Active Directory for anomalous logins.
Configure remote access solutions, email systems and Active Directory to log all authentication events. Preserve logs and analyse these for anomalous activity, including brute force attempts, logins from unfamiliar locations, and logins that indicate impossible travel
5. Support your people to work safely and securely from home.
Your training provider should be able to push out a short ‘working from home’ training module to help the workforce understand the potential threats and safeguards they may need to take when working remotely. If not, try creating a short fact sheet or guidance note. Importantly, let people know where they can go for any support and make it easy for them to consult and report concerns.
*Reference: PWC Report Managing the impact of COVID-19 on Cyber Security
How digital innovation guarantees remote working and cyber security?
Discover the ALL-IN-ONE Digital ID & Digital Sign Solution
nebulaSUITE is the only solution in the market that provides organizations with the full infrastructure for digital certificates (issuing and management) and qualified digital signatures through cloud-based services —all protected by robust authentication. This all-in-one solution increases productivity and savings. It also reduces the costs associated with printing, transporting, storing, and destroying paper documents.
COVID-19 is changing the technology culture and infrastructure of every organisation faster than any known event or phenomenon. This means changes will continue coming – and hackers will continue to target our growing dependence on digital tools. Businesses that focus on a return to “near-normal” will be investing time, effort and money in a battle long lost.
The pandemic presents an opportunity for full-blown innovation, a dramatic shift in perspective and the adoption of safe and resilient operating processes. The intensity and emphasis an organisation brings to its cyber security strategy will determine if the opportunity adds to bottom lines – or turns into a business disaster.
If you want to find out more about the advantages of digital identity and digital certificates, request a demo to see for yourself or contact us. We will be delighted to help you with all your queries.