Anna Collard, MD at KnowBe4 Africa, explains how the COVID-19 pandemic will change the way businesses work in the future, as well as now.
My husband was genuinely surprised at the high performance of his business’ call centre staff working from home. Facebook and Google both announced that they will have their people work from home for the rest of this year. The current shift in thinking is not limited to remote working but comes with a higher trust in people, it seems.
Security teams had to become more agile overnight and rethink how to make remote working a reality. They also have to prepare for a new ‘normal’ after lockdown ends.
The speed at which Digital Transformation is happening is certainly a positive side effect of the current situation. Yes, it’s government restrictions and fear of infections that are keeping us at home at the moment. But remote working has also shown efficiencies such as the worldwide adoption of video conferencing, which has reduced the need for business travel. Conferences have gone virtual. Remote working allows employees more flexibility and less time wasted in traffic.
At the same time, the rush to remote working has made us more vulnerable to risks. Projects that usually take months of careful planning and change management had to be squeezed into a few weeks or even just days. Many remote workers are using their home or personal devices to connect to the company network. Kids distract their parents at home and many parents have to share their work devices for online schooling. This makes them more likely to fall for phishing attacks, which have increased dramatically in the first quarter of this year. Old school VPN technology allows untrusted devices full access to internal networks without checking for possible infections. Often the flat nature of these networks increases the risk of malware propagation as well as lateral movement once inside.
Poorly configured collaboration tools can lead to potentially exposing sensitive information. These same collaboration apps are now under attack more so than ever. Users are being targeted with fake MS Teams notifications or Zoom calendar invites luring them into submitting their login details.
User education and awareness has become critical in times like these, where we rely on people’s behaviour to defend against attacks. Most dangers can be averted by following some very basic principles, and strengthening people’s security awareness not only helps the employees and the companies they work for but their families too.
What approaches will be staying for good? Zero trust models allowing access to data based on ‘need-to-know’ and multi-factor authentication are no longer reserved for privileged users only but are necessary for all. Security teams are becoming more agile and responsive, enabling remote work while ensuring data safety. User security awareness is an ongoing effort to keep people mindful of the latest scams and attacks. All of these initiatives will long outlive the COVID-19 crisis.