Working From Home – The New Normal
Suddenly a new business normal has emerged, and every enterprise, organization, business and government agency is adapting to it.
In the wake of this new reality, everyone is mobile, everyone is remote and everyone is less secure. This sudden change has altered a lot of things. Some changes have advanced how we work, the technologies we use, the way we communicate, our mode of networking and most especially our cybersecurity plans.
All the more reason, then, for a shift to a new security model that helps organizations actively and securely adapt to this new work normal; for most organizations, in Africa especially, remote working remains uncharted territory.
There are lots of measures recommended for organizations to put in place to ensure adequate security while their employees work from home (WFH). Some of these measures were highlighted in an earlier post. It’s amazing how organizations have adapted to this new normal, which is the first phase. More important, though, is the need to sustain this new work order. Some measures to achieve this include:
Measures to Sustain the New Normal – Work From Home
Distributed Risk Management
Owing to the fact that the majority of employees work from home, as well as the obvious likelihood of long-term remote work, organizations need to be prepared for heightened risk that is more distributed across all platforms. To manage this risk, the enterprise needs to properly engage and train employees to ensure that vulnerabilities inherent in distributed infrastructure are reduced.
Thoroughly Vet and Secure Cloud Platforms
SaaS tools such as remote access applications, VPNs and other cloud services have seen rapid growth as companies transition to the new business normal. However, the rapid spread of the COVID-19 crisis has shortened the time frame for deployment in the enterprise, undercutting the security vetting process and limiting the time for employees to learn the new tools, resulting in security lapses that may not be noticed until it’s too late.
Though the thought of some of these practices may have sounded absurd three months ago, organizations need to consider the full risks of discussing sensitive topics remotely to be prepared for prolonged remote work. One way is to assess the security posture of cloud applications that are being used to access corporate data. Many enterprise applications are built for user experience and integrations first, with security considered an afterthought. As the number of users of certain enterprise apps has grown, hackers are increasing attacks and seeking to exploit previously unnoticed vulnerabilities; hence the need to properly vet and secure cloud infrastructure.
Ensuring Security Readiness
Many employees still find basic tasks like managing the setup of remote devices, ensuring identity management, and securing data on remote devices over unsecured lines difficult. These are indeed difficult challenges to overcome for the untrained.
The lack of employee cybersecurity training has led to several data breaches. It will only get worse with employees working from home. Training employees on how to maintain best practices while working from home would ensure security readiness.
MSSPs As a Solution
Implementing all of the above can be time- and resource-intensive. Fortunately, there is an alternative path to securing your business: Managed Security Service Providers (MSSPs).
Managed Security Service Providers are businesses that specialize in managing and delivering cybersecurity services. They are equipped with the security infrastructure and expertise to offer quality services to their clients. Their services include (but are not limited to) preventing, detecting and responding to threats and attacks against business infrastructure and applications. Popularly called MSSPs, they offer real-time monitoring of security events, often spanning 24x7x365. There are several benefits of leveraging an MSSP.
Benefits of Managed Security Service Providers
Like many other technology infrastructures, acquiring security infrastructure is expensive. More costs are incurred recruiting, keeping and training security professionals to manage and operate those infrastructures.
Extra costs could also come from keeping up with the ever-evolving capabilities in the cybersecurity field. MSSPs take this cost away by having the infrastructure and manpower to serve the needs of multiple clients. The cost of capital is spread across clients and eventually each only pays a fraction of the cost.
Already, businesses are preoccupied with several objectives. With security concerns largely outsourced, companies can channel their time and resources to tasks that affect their business goals more directly. This improves efficiency.
Access to High Quality Infrastructure and Expertise
MSSPs specialize in one field – cybersecurity. Therefore, they work towards rendering the best quality of service available on the market. This usually involves using best-of-breed technology and training experts to provide high-class service. Owing to their wide proficiency, MSSPs often perform vetting exercises on on-prem and cloud infrastructure. This could range from vulnerability assessment and penetration testing to proper configuration and identity management. These could also be done by an in-house security service; however, it would require many more resources and much more commitment from the business.
Meeting Compliance Regulations
Different regional and professional governing bodies require businesses to comply with certain regulations. Examples of these regulations are the Health Insurance Portability and Accountability Act (HIPAA), the Nigeria Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR) and ISO . These regulations are constantly evolving and may present challenges to organizations that wish to stay compliant. MSSPs work together with clients to ensure that, regardless of the modifications, their security posture meets compliance regulations.
IT teams often work hand-in-hand with Security teams to better secure the technology infrastructure they oversee. Companies partnered with MSSPs can rely on their subject matter expertise and enjoy their support for IT teams on security issues.
Non-technical employees can also benefit from their knowledge and wealth of experience. Unfortunately, many employees still lack awareness of security best practices. Words from experts can raise their awareness of the need for security and get them to actively take measures to secure themselves and the business. This will do well to reduce distributed risk and fortify the overall security of the business.
MSSPs are a viable solution for many security-aware businesses. However, there are usually concerns about privacy and confidentiality. Letting another company handle your sensitive data is a risk on its own. The way out is to have a detailed Service Level Agreement (SLA) that highlights confidentiality and also protects your business in the event of a breach.
Chukwuka Samuel Isaac is a Cybersecurity Analyst at CyberDome Limited Nigeria.
Ememobong Eyo is an IT Security Analyst.