Review and Re-Education Employees About Cybersecurity
Oliver Münchow, founder of Lucy Security, puts the need for security review bluntly.
"Those bad habits that employees acquired during their work-from-home lives – like watching adult content, being connected to private cloud servers, communicating from unsecured devices – need to be quickly lost."
The cybersecurity review can't be a leisurely process, KnowBe4's McQuiggan points out.
"It will help organizations to have employees review their security awareness programs to reduce any risk of ransomware or other exploitation," he says. "If there are employees who have been furloughed and are returning to their mailbox, they will be quickly reviewing emails and could inadvertently click on links or open attachments that are malicious."
Keep COVID Cybersecurity Improvements
Nate Aiman-Smith, founder and CEO of RunAsACloud.com, offers this piece of advice: "Don't throw away the security improvements you've been forced to make."
"For example, some companies have adopted VDI [virtual desktop infrastructure] or desktop-as-a-service technologies in order to allow remote work," he says. "Now that their staff can come back into the building, they should continue that paradigm and turn their workstations into dumb terminals."
Ali Golshan, CTO and co-founder of StackRox, agrees. "As employees return to the office, it will be critical to maintain the more rigorous security controls put in place to protect systems while employees worked remotely," he says.
But that's not all.
"Organizations should implement additional controls that help them move toward a zero-trust model, as many of these efforts were likely started when remote/work-from-home trends kicked off earlier in the year," he says. "An organization is inherently more secure and flexible if it can apply zero-trust principles successfully from its endpoints all the way to its cloud applications."
Those endpoints have received a great deal of attention in the great move to working from home, and that attention can pay dividends when some employees return to offices.
"Any improvements or new systems that have been put in place as a response to the increase in remote work – most of these focused on securing endpoints and identity, as opposed to networks – will only benefit organizations long-term," says Keith McCammon, CSO and co-founder of Red Canary.
He points out that nothing precludes organizations from taking advantage of the traditional defenses they have in place at their offices, but "an organization that is less reliant on centralized infrastructure and security controls is absolutely safer for it," he explains.