- By Anil Bhasin
With the recent COVID-19 outbreak worldwide, many Indian organisations have allowed their staff to work from home to avoid spreading of the virus. This duty of care seeks to protect the health, safety and security of employees while maintaining business continuity. Yet enterprises need to ensure there is a similar initiative applied to IT infrastructure; and try to avoid taking a flexible approach.
There are dozens of ways to access networks and today, remote offices are common. The mobile office is a reality, there is an abundance of bandwidth and cybersecurity harnesses artificial intelligence and other advanced technologies. In many organisations, there will be staff who are required to operate outside the office environment and these mobile workers will access the corporate network with authorised devices and apps in a disciplined environment.
Employers have strict Bring Your Own Device (BYOD) guidelines and policies for staff wanting to use personal devices to access corporate networks and systems inside the office. These policies require every BYOD device-smartphone, tablet, laptop etc-to receive authorisation by the IT department before connection to the network is allowed.
But when staff are allowed to work from home to enable business continuity, this raises serious cybersecurity issues. As per 'The State of Cybersecurity in Asia Pacific' survey by Palo Alto Networks; almost half (47%) of respondents stated their biggest cybersecurity challenge was their employees' lack of cybersecurity awareness irrespective of the company size and sector.
Having employees inside the security bubble and preventing cyberattacks requires investment in time, resources and equipment. The whole premise of being able to work from home to maintain business continuity, falls apart if the employer and employee fail to maintain the same level of security and practices as at the workplace.
Here are some tips to secure the work from home environment:
Devices: Only allow authorised devices to access the corporate network for business execution.
Education: Regularly reinforce to employees about the need to exercise the same level of cybersecurity discipline when working from home. There is an opportunity for corporations to develop cybersecurity materials for workers to share with their families to encourage and instil awareness.
Training: Irrespective of where the employee is accessing the network from, the provision of up-to-date training and testing employees' knowledge about cybersecurity is critical. These tests should reference work from home and highlight traps to avoid.
Firewalls: Install next generation cybersecurity solutions as these are designed with remote workforces in mind and allow the extension of firewall-based policies. This gives employees an opportunity to access sensitive resources securely anywhere.
Cloud: Employees using cloud-delivered applications and services must only use those approved by their employer and accessed via the corporate network.
Common IT infrastructure architecture secures the corporate headquarters, branch offices, data centres, and remote access, preventing a multitude of cyberattacks. The trend now is for network security to be delivered via the cloud, protecting users, data, applications and sensitive information.
This development will help to eradicate the differences between office and home working from a cybersecurity perspective. For now, companies need to ensure 'business as usual' efforts extended to staff working from home, when it comes to cybersecurity.
(The writer is regional vice president, India & SAARC, Palo Alto Networks)