With COVID-19 forcing companies to implement work-from-home policies, Jim Fitzsimmons helps us understand the cybersecurity risks posed by a remote workforce
The COVID-19 pandemic has forced organizations around the world to implement working from home. The challenges of this new working pattern include a loss of productivity, social isolation, and the complications of managing the abrupt mix of home and work life.
Companies and people are adjusting and becoming accustomed to these circumstances. But this new working model owes more to a mobile consumer culture than to conventional enterprise information technology (IT). Many companies have quickly adopted cloud-based productivity tools (such as Microsoft’s cloud-based Office 365 solution) to support a suddenly remote workforce.
In the rush to adapt, however, companies have become increasingly concerned about the overall cybersecurity of this approach to working. For many years cybersecurity was based on a perimeter security model: Protecting an organization’s information and computers was predicated on isolating them from external access. Computers could connect to the internet on the “outside”, but, in principle, no connections from the outside were let in. But when everyone is working from home, they are all on the “outside”, and this old security model is poorly suited to a mobile workforce.
Companies look at how they work today – individually at home, connected via apps, sharing data and video conferencing – and they are unsure of their cybersecurity risks. Is the cybersecurity risk higher when working from home?
To understand the risks of working from home, it is important to understand the threats, and the underlying actors.
Motivated, well-resourced attackers specifically targeting an organization are the most acute threat. Nation states have the hacking talent, software development capability and the funds to mount complex espionage campaigns. Meanwhile, sophisticated cybercriminals who steal information for sale, or on the behalf of another organization, are almost as well-resourced and capable.
Jim Fitzsimmons is the director of cyber consulting at Control Risks, a global risk and strategic consulting firm specializing in political, security and integrity risk.