How secure is your work-from-home set-up?

Employees working from home rarely have the same firewalls, network-based intrusion detection and other defences integral to their office spaces. This scenario exposes the gap in security of the one place we feel safe in—our own homes, writes Vishal Salvi, CISO at Infosys.

Updated: Sep 28, 2020 12:11:21 PM UTC



Humanity has woken up to the realisation that we can feel so defenceless in the face of calamity, and that feeling is spilling into our work lives. We are looking at a future where we have moved from less than 10 percent to nearly 100 percent of our workforce in remote working mode. This new way of conducting business comes with the inevitable discomfort of cyberattacks targeting devices outside the safety of our office networks. Employees working from home rarely have the same firewalls, network-based intrusion detection, and other defences integral to their office spaces. This scenario exposes the gap in security of the one place we feel safe in—our own homes.

It is not surprising to know that digital infrastructure has not been stress-tested before in an exponentially stretched situation such as the Covid-19 crisis. But is our cybersecurity preparedness enough to evolve our IT infrastructure in this scenario?

Fortifying remote assets
Home offices are more vulnerable to attacks through emails, sometimes with malicious attachments. Phishing scams are one of the most common ways hackers gain access to information. The urgency to upgrade infrastructure and expand virtual private networks (VPNs) is all-consuming, as is the need to modernise critical legacy systems to ensure remote accessibility. Fittingly enough, the cybersecurity industry’s response has encouraged enterprises to embrace ‘Zero Trust Security’ that involves users connecting to their organisations’ systems before being granted access.

In addition to the technology, policies are placed under the scanner in a bid to make them more relevant for this new reality. Companies must educate the remote workforce on the risks, company privacy and security policies, guidelines, and essential monitoring process information. With the new remote working landscape riddled with unexpected moves from cyber criminals, users need to be alerted and protected against malware designed to harm their devices or software.

Keeping our guard up
Although virtual networks connect with multiple remote workers, the encrypted tunnels are rarely inspected, allowing attackers to enter undetected. Cyber criminals can use these tunnels to create man-in-the-middle attacks to eavesdrop on encrypted traffic, tamper, or steal classified information. Upgrading VPN infrastructure to allow more bandwidth will ensure fast and seamless access to company resources for remote workers.

Another popular method is for organisations to closely monitor remote devices for any cyber threats or data breaches. A remote monitoring and management solution stack can provide unified control and visibility into the entire IT infrastructure, including servers, networks and endpoints. However, the right to monitor remote workers comes with several limitations, including obtaining the consent of the employees and the notification of surveillance with specified limits on the monitored areas.

Utmost care must be taken to ensure that monitoring guidelines do not violate remote workers' right to privacy. Furthermore, organisations are doing all they can to prevent endpoint breaches on employees’ systems, frequently locking access to resources, blacklisting websites, and conducting time-consuming security-awareness tests. These measures can overlook the not-so-insignificant costs they entail in terms of employee productivity. Additionally, amplifying help-desk capabilities with intelligent self-service will drive higher service capacity and lower cost per service request for the scaling remote workforce.

The road ahead
Implementing security technology and processes designed around a simplified user experience and ingrained as an integral part of remote worker behaviour will play a major role in fortifying mobile devices outside office networks. Investments in transformative technologies can be meaningless if they cannot guarantee the protection of a business, its vital assets and its customers. Integration of IT and operational technology opens doors to a new world of connectivity, data sources and potential vulnerabilities that need to be addressed. The complexity and speed of development continue to challenge the most robust security organisations while connecting the dots between enterprise security and the partner and vendor ecosystem.

From a broader perspective, employees working remotely represent the true front lines of organisations today, and play an important role in streamlining process efficiency and security. That said, businesses will need to flex their digital muscle and consistently reiterate their cybersecurity protocols and procedures to embrace this new way of working in a robust and secure manner. With this in place, we can truly create a resilient and assured digital future for our organisations.

The writer is Chief Information Security Officer & Head Cyber Security Practice at Infosys

The thoughts and opinions shared here are of the author.
