Wherever you work, security risks lurk
As the switch from working from home to back to work picks up pace in Hong Kong, enterprises need to be thinking about what this means from a cybersecurity perspective. When COVID-19 struck and work from home became mandatory, security teams quickly realized the opportunities for hackers to leverage the chaos had increased exponentially.
This is because instead of a single network being targeted, there were now thousands of vulnerable points, as staff accessed the corporate infrastructure via devices at home using wired and wireless internet access. The devices covered under Bring Your Own Device policies were allowed authorized access, yet there were dozens of new and shared laptops, desktops, smartphones and tablets requesting access to the network.
But returning to work provides the perfect opportunity to conduct a thorough network security review and evaluation; before an employee even steps back into the office.
Be the first to know
Before a plane takes off, a rigorous preflight checklist is conducted to ensure the aircraft is airworthy and safe. Only until the checklist is completed, is the all clear given and the plane is given permission for takeoff.
Similarly, a corporate network ‘preflight’ checklist will define process requirements for traffic handling, threat prevention, accessibility, policies, last mile threat analysis, and integration across data centres, private and public clouds, internet gateway, mobile and home users, software as a service, and endpoints.
To review the hidden threats in your systems, the firewall log reports provide a high-level network view summarizing SaaS and other applications and websites users are accessing, and file types being shared. From the review, it will be possible to determine what other vulnerabilities, malware, and infections were blocked from entering the network and where they originated.
There is also the possibility that employees used sites to enable workarounds or downloaded third party software onto a non-approved BYOD device. These sites can be blocked to reduce the risk of network infection.
Taking a sassy approach to security
Once employees are back to work, this is also a chance to create or update pandemic contingency plans supplemented by learnings from the COVID-19 pandemic.
Since cloud adoption is growing, enterprises can combine networking and security services into a single cloud-delivered offering. A growing trend is secure access service edge (SASE (sassy)) provides enterprises simplified management, consistent visibility, and comprehensive network protection across users, devices and applications.
Gartner predicts 40% of enterprises will have strategies to adopt SASE by 2024, up from 1% in 2018. Using the SASE approach means secure access is offered to all users irrespective of where they are based.
If anything, the pandemic has accelerated digital transformation as enterprises recognize the efficiency and value of users accessing applications via the cloud within a secure environment. The drawback to this multipoint, complex and costly approach has been overcome thanks to SASE.
SASE brings flexibility, cost savings, reduced complexity, increased performance, zero trust, threat prevention, and data protection.
The abrupt decision to enter lockdown and ask staff to work from home has had a silver lining because many enterprises were forced on a steep technology learning curve. While returning to work is a cause for celebration, lessons learnt can be used to evaluate, determine, and strengthen security procedures for today and tomorrow’s workplace.
