It's hard to believe that the majority of the world's knowledge-based economy workers have been working from home for two months. It seems like just yesterday that we all got the notice to pack our laptops up and head for home. And in that short time, we have all, at least for the most part, embraced our new world, even if only it’s for a short time.
And though I know many of you may find this odd—especially coming from a cyber security guy—there has been a lot of positives to come from an otherwise terrible situation. I am, of course, talking about the newfound role people play in the everyday world of their respective organization's security practices. And it's not to say they weren't before, but now it has been amplified as new demands have been placed on people due to the inherent circumstances that relate to home office security etiquette.
For instance, one of the first things that people did, or at least they should have done, is to secure their home router. And to sound only a little self-serving, we actually have a great eBook and infographic how-to series that can help you through the finer details. That aside, the fact that many people for the first time were exposed to the more "technical" side of cyber security—getting their hands under the proverbial hood—made for a more cyber-aware workforce as they personally locked down their home environment.
But it didn't end there. Now, as people continue to work daily with an ever-present virtual connection to their business infrastructure, perhaps newly introduced technology—VPNs, Cloud Access Security Broker (CASB), and measures that enable Multi-Factor Authentication (MFA)—has become commonplace.
All of these cyber security aspects are in fact educating people in real time and adding to their skill sets. However, this is not where it should end—it should be just the beginning.
I know that at this point many see getting back to normal as being a far off hope or dream, but we will all be heading back to the office sooner rather than later. As provinces and regions begin to relax social distancing requirements, and more and more businesses start to reintegrate back to the office environment, there is far more cyber security work to be done.
Let's start with files. Consider that Google’s G Suite, Microsoft’s Office 365, and others, can all be accessed from any machine. It is quite likely that employees accessed and downloaded content from PCs other than their work machine. Then there are those digital files now residing in external drives, tablets, computers, and so on. Or even printed materials that should be heading for a shredder, instead they are sitting under a desk soon to be dumped into a recycle bin. In all of these cases, reminding employees of corporate policy and facilitating a “cleanup” will ensure assets are not lost in the back-to-office shuffle.
There is also the ongoing education together with entirely new systems that must be implemented. When this whole ordeal first started, organizations were in pure reaction mode. The first task was simply to get people set up at home as fast and as accurately as possible. Eight weeks in, and that task is still an ember glowing in the background of many companies.
But as people migrate back to the office, after-action reviews must be initiated to ensure that a full examination of IT infrastructure takes place and cyber security protocols are followed—and I can guarantee they were probably not, nor are they to this day.
So, the most important steps are the after-action review process along with a comprehensive audit-and-secure initiative to lock down everything properly and, of course, educate and test everyone to close the loop with the human element.
If we as a global society have learned anything in 2020, it’s that virtually anything can happen to disrupt our normal everyday lives. Preparing for the worst while hoping for the best is always going to be the right approach. At the heart of 2020, people have been the single most important asset and best defence this world has. Keeping to that sentiment is what we should all be striving for in the weeks, months, and years to come.
November 24, 2020 | Vanessa Howard
Virtual, Traditional, or Hybrid EOC What do you need to achieve?
An emergency operation centre (EOC) should enable people to respond to and plan the recovery from an emergency as effectively as possible. This is true of a brick and mortar EOC, a virtual EOC, and of a hybrid model. While there are...
Calian Cyber Security White Paper - Data and its importance to endpoint security