Over the past few months, home working has become widespread. Businesses have had to act quickly to set up the necessary infrastructure for employees to access corporate resources remotely. In order to ensure that networks can only be accessed by those duly authorised to do so, additional security systems must be implemented. So what does the COVID-19 pandemic mean for cybersecurity in businesses?
When the instructions limiting physical contact were suddenly introduced this year, many companies asked their employees to work from home. This meant immediately putting in place the technical foundations needed for staff to use company laptops or personal computers to access corporate networks remotely, without making them vulnerable to outside sources. A VPN provides remote access to the network server while encrypting the connection, thus ensuring a secure exchange of data between the client computer at home and the company server.
Whole workforces suddenly working from home – and under secure conditions!
Businesses which were already used to working from home before the crisis had an advantage, as they already had the necessary infrastructure. However, they still had a lot to do to quickly adapt their equipment to the new requirements. This involved ramping up their internet connections or infrastructure for managing VPN connections and clients. In many cases, all they had to do was buy additional licences since the capacity of their existing hardware exceeded their operational needs. For example, businesses might buy 100 VPN licences, when their infrastructure could manage 1,000. Some providers offer specific licences for this scenario, making it possible to increase capacity to 1,000 connections for a brief period of time. Often, these solutions were being implemented for the very first time.
That said, using company equipment outside of the office poses the additional risk of it being lost or stolen more easily. To counter this risk, security can be improved by managing and protecting mobile devices with Mobile Device Management (MDM) solutions.
Enhanced responsiveness thanks to managed services and cloud solutions
Cloud-based solutions are currently facilitating cooperation between staff members working out of different locations. As a result, they are increasingly in demand. However, in order to implement, explain and configure them, IT personnel is needed. By using managed security services, businesses can outsource routine cybersecurity operations and thus free up capacity for other, often unforeseen, tasks. Plus, managed security services can help minimise a whole range of risks. And that will still be relevant after the health crisis caused by COVID-19.
Security as a Service, a cloud model that delivers scalable cybersecurity solutions, is also of value now more than ever. As needs vary significantly, due for example to furloughing, companies can make savings by using software available in the public cloud, for which licences can be terminated at any time, thus limiting costs.
Maximum security with Zero Trust model
Security mechanisms like strong authentication are also in great demand. This type of authentication not only requires a username and password for an employee to be able to access corporate resources, but also a certificate or one-time password.
The concept of Zero Trust cybersecurity reduces internal and external risks to the very minimum. Whereas other security architecture is often based on the source IP address alone, Zero Trust distrusts anyone seeking to access corporate resources. Strong authentication is another way of preventing unauthorised people from accessing sensitive data and malware from penetrating the system.
The health crisis illustrates very clearly just how important digitisation is – and not only for businesses. It is also crucial for schools, which had to stop face-to-face learning from one day to the next. Axians is involved in digitising schools and is currently considering a project aimed at equipping 22 establishments in the southern districts of Hamburg with a uniform, exhaustive, integrated and automated cybersecurity solution.
Axians’ 5 cybersecurity recommendations for working from home and elsewhere:
- Ensure secure remote access by exclusively authorising encrypted VPN connections for accessing corporate data and by using strong authentication.
- Build and use Zero Trust architecture.
- Create network transparency through Cloud Access Security Brokers (CASB), Security Information and Event Management (SIEM), segmentation and Vulnerability Management.
- Provide training for employees, using dedicated platforms to send them fake phishing emails. This tests their reactions and enables targeted training to be set up for vulnerable staff.
- Secure mobile devices through multiple authentication, Endpoint Security (antivirus, hard drive encryption, port verification, etc.) and the use of MDM solutions; perform all application and operating system updates.
Axians delivers consultancy services, training courses and tailored solutions, also in the form of Managed Security Services or cybersecurity-related Software as a Service.