With so many people now working from home due to the COVID-19 pandemic, cybersecurity in quarantine is a topic often on the minds of information technology (IT) professionals.
A workplace gives a relatively controlled environment where an organisation can enforce regular password changes, monitor for new devices connecting to the network and exercise other precautions to keep cybercriminals at bay.
It’s much more challenging to do that with a suddenly distributed workforce where many people are doing on-the-job tasks at home for the first time. The (ISC)2 COVID-19 Cybersecurity Pulse Survey revealed some of the changes seen at companies regarding remote work security and related matters. The respondents weighed in about the first few weeks of working from home due to COVID-19.
Cybersecurity incidents increasing
One of the most alarming findings from the research was that 23% of respondents said their recorded cybersecurity incidents increased since people began working from home. Some organisations even said the overall number has doubled.
A potential strategy for companies is to try and identify patterns in the kinds of attacks seen. Could phishing emails or browser malware be making it easier for cybercriminals to gain access? If enterprises see weak points to address, they might consider providing a checklist of online security practices to apply during the COVID-19 quarantine.
Challenges experienced in fulfilling remote work security needs
Another conclusion made by the (ISC)2 survey was that 81% of companies view security as an essential function during the COVID-19 pandemic. That sounds positive, but the trouble is that many businesses find it’s more complicated than expected to maintain strong cybersecurity in quarantine.
The poll found that information security teams at 15% of companies do not have the necessary resources to support remote work. Then, 34% said they do have what’s needed, but only for the time being.
A lack of personnel is a major concern spotlighted in the findings. About 47% of respondents said they could not focus as much on their typical cybersecurity duties. That was due to being asked to assist with other things — such as preparing a team to work at home. Part of the reason for that shift toward multitasking might be because 32% of those surveyed knew someone in their organisation with COVID-19.
Companies may want to explore what kind of external help they could enlist as the pandemic continues. Business leaders around the world expect an increase in demand for freelancers, including those with cybersecurity and other tech skills. Bringing some freelance workers onboard to address resource shortages may ease the burdens currently felt by many IT staff members.
Cybersecurity practitioners still giving their best efforts
Companies introduced a wide variety of strategies to keep people safe and connected while working during the global coronavirus pandemic. Some sent workers home with mobile hotspots while others introduced protocols to follow in case a worker started showing symptoms. The challenge is that there’s no single right way to navigate this new normal. The practices chosen largely depend on a company’s needs, plus expert public health guidance.
People who participated in the (ISC)2 research also said the coronavirus forced them to make decisions differently. One person commented: “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”
Working quickly does not mean cybersecurity specialists discard proven principles, however. The results showed 41% reported using security best practices during the COVID-19 quarantine. Half of the respondents said that although they relied on best practices, there was more to do.
Reminding the workforce about the roles they collectively play to maintain adequate cybersecurity in quarantine could encourage workers to show a renewed dedication to the effort. Many employees lapse into complacency if they feel cybersecurity is only the IT department’s priority.
Now that people are more likely to work from home for the foreseeable future — and with Twitter recently deciding employees can work from home forever if desired — it’s crucial that workers understand how cybersecurity is everyone’s responsibility. One survey respondent noted: “Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters.”
Remote work security faces new threats
The (ISC)2 research confirms that a larger number of people working from home makes cybersecurity more challenging. Companies that continually stay aware of risks and do what they can to mitigate them should have the best chances of staying resilient.
Kayla Matthews is a cybersecurity journalist and technology writer whose work has been featured on the National Cyber Security Alliance, Computerworld, Information Age and Digital Trends, among other publications. To read more from Kayla, please visit her blog at productivitybytes.com.