For many Americans and people around the world, we are entering week 7 of social distancing, stay-at-home orders and remote work due to the COVID-19 pandemic. The first few days (or weeks) may have involved slowly settling into this new normal – I cannot be the only one that began this stay-at-home order by frantically spring cleaning. But now, several weeks into this shift to a remote workforce, we must establish clear processes and security parameters to address new technology and emerging threats.
ZeroFOX conducted a webinar called, “The New Rules of Engagement: 4 Strategies for CISOs to Secure their Remote Workforce” focused on what’s new, what to review and what you, as a security team, can do to address the new security challenges that working from home presents to your remote workforce. I won’t spoil the good stuff, you’ll have to listen to Dr. Sam Small, ZeroFOX’s CSO and main speaker for this webinar, but here are a few highlights.
Rapidly changing environments require rapidly deployed tech
With the world almost entirely gone virtual, individuals and businesses have had to quickly adopt new technologies to communicate internally and externally as well as to conduct business. Consider the local restaurant that previously never maintained a web presence, that now must juggle ordering, payment and delivery all online in order to access consumers. Or the local bookstore that must now shift to online ordering and shipping. Or my own parents, who if asked two months ago what Zoom was would not have had a clue, that are now on Zoom calls multiple times a week to keep in touch with family and friends.
Security teams must grapple with the security implications of the rapid deployment of new technology on their remote workforce. Old policies and defenses may or may not apply. Now is the time for security teams to review what tools are being used, what policies have been established for those tools, and what gaps need to be filled now that new tools, like collaboration platforms and video conferencing, are at the core of all business. This is no small feat, and it is easy to feel like you are already behind. While it may not be best practice to deploy and then establish security parameters after, we must recognize that things are rapidly changing and do what we can to ensure our security posture catches up with those changes.
When everything, from Sunday dinner to quarterly board meetings, goes digital
No other platform has seen a surge of users like Zoom. According to Zoom’s CEO, the app’s daily users surged from 10 million in December 2019 to more than 200 million in March 2020. The video conferencing app’s usage has increased for both personal and commercial purposes, attracting hackers and other bad actors to the platform as a new attack surface.
For businesses, Zoom and other video conferencing apps are now a necessary business tool to conduct both internal and external meetings. Some of these meetings could be sensitive in nature, such as board meetings that would previously be conducted behind closed doors. Schools and universities are relying on video conferencing for class time. Entire conferences are now taking place on digital platforms. These new uses by a newly remote workforce require increased security due to the often sensitive nature of the meetings. Security teams must now define new parameters for dealing with various types of meetings, whether internal or external, sensitive or public.
Be prepared to evolve and adapt
Things have been changing quickly. Ultimately, the rules and security procedures you set 6 months ago, or even 3 months ago may no longer apply or have gaps in coverage. It’s important to first and foremost recognize that things are – and will continue to be – evolving. You should not have blind devotion to the rules you have today, because we simply don’t know what tomorrow will look like. Be prepared to rewrite the rules you established previously.
Focus on defining what tools you are using now, train your employees on the best practices of using those new tools, and refresh on the best practices of the tools that are still in place. Now is a great time to review your security awareness training and make any necessary updates. Consider emerging threats, like Zoombombing and business email compromise, as training opportunities for your remote workforce.
Listen to the secure remote workforce webinar
Hear from Dr. Sam Small, ZeroFOX’s CSO, as he presents the new rules of engagement and 4 strategies security teams can use to secure their remote workforce. You can listen to the on-demand recording here.