How to Work Securely During a Pandemic
- March 18, 2020
For decades, scientists have studied the connection between health and our environment. As a result they understand that the convergence of environmental changes like worldwide population growth (human and animal) and climate change enables the spread of pathogens and leads to viruses like COVID-19. And while scientists work to prevent the spread, as long as our environment continues to change, COVID-19 will likely not be the last virus of its kind.
Our world is interconnected more than ever before by global travel, business, and technology. This web of connections provides all the conditions to allow the rapid spread of any virus that infects humans. Therefore, to prevent the spread, remote working is one of the most effective controls. Enabling remote work before key personnel is affected is critical. Most organizations have business continuity plans, so they know who these key people are. A crucial part of such programs should be actively encouraging people to work from home when possible. Encouraging remote work after the first worker reports sick simply doesn’t make sense.
In the wake of the COVID-19 (Coronavirus), some organizations are making essential tools to enable remote collaboration more available. There is a growing recognition that the more we allow remote working, the better the containment of any pandemic will be. In support of this effort, some major cloud providers are enabling access to tools free of charge that were previously pay-to-play.
Team collaboration
Google has rolled out free access to “advanced” features for Hangouts Meet to all G Suite and G Suite for Education customers globally. With these tools, organizations can host meetings with up to 250 participants, live stream to up to 100,000 viewers within a single domain, and record and save meetings to Google Drive. Normally, Google charges $13 extra per user per month for these features in addition to G Suite access under its “enterprise” tier, which adds up to a total of $25 per user per month.
Since March 2020, a free 6-month Office 365 E1 Trial, including Microsoft Teams, has been made available. Microsoft is making this special E1 Trial license available in response to the increased need for employees to work from home (WFH) in response to the COVID-19 outbreak.
As organizations start leveraging tools that may be new to their tool catalog, it is important to conduct a risk assessment and understand what security controls should be put in place. Without guidance, employees may start to exchange work information using their personal devices or accounts. Providing clear guidelines on collaboration will help employees adhere to remote work policies. NTT DATA has been helping clients to alter their work paradigm; leveraging tools like cloud, VDI, conferencing, and Cloud-based security such as nextgen-AV, remote access, secure Internet filtering to enable remote work as simply and securely as possible.
New threats and solutions
The increase in remote working will open avenues for theft of information in a way that organizations may not have considered. With the increased media coverage on the COVID-19, the opportunity for malicious actors to exploit the fear and thirst for knowledge continues to increase with each passing day. One example is malware that has been deployed using the COVID-19 virus map. This map is used to activate malware known as AZORult, an information stealer first discovered in 2016. It is used to steal browsing history, IDs, passwords, and other PII. This is just one example of a raft of malware that has been developed focused on the desire to stay up-to-date on the pandemic.
Additionally, there are a host of factors that may lead to compromised decision-making by employees in the case of a pandemic. Distraction, increased anxiety around health issues, or unwell workers who are working remotely may all leave the human firewall compromised. For instance, an employee fighting a fever and running on a few hours of sleep may be more likely to click a link in an email he or she would normally ignore.
Bad actors are already exploiting fear of COVID-19 to induce people to click links that download malware, and they will continue to do so. Employees should be reminded that if they become aware of a data breach while out of the office, they should inform the organization’s contact point. It is also important to prepare the incident response team for the increased risk that will arise during this period of time and alter processes as needed to cope for responding to critical incidents in a remote working model. Holding town halls and education sessions to remind employees of good security hygiene when they work from home is critical, as this becomes a more conventional work model.
NTT DATA leverages a range of security technologies to protect homeworkers and their mobile workforce from clicking on infected links or sites that do not adhere to our corporate policies. The secure desktop architecture protects NTT DATA from malware like the one mentioned above.
Identity authentication and access
The single best thing that an organization can do to improve security while employees are working from home is to turn on multi-factor authentication (or at least 2FA). If you don’t have multi-factor authentication in place, start a pilot now with users that have access to the most confidential information. NTT DATA has more than 20 years of experience in identity and access management and helps clients create successful IAM programs.
Physical security
Providing guidance around physical security for workers that normally don’t work from home becomes critical. These measures can include the placement of computer screens, implementing screen locks, and encryption of home devices so that if a device is stolen, the information remains inaccessible. Organizations should also consider prohibiting work from public places, such as café’s or public transport where unauthorized third parties can view screens.
Unsecured networks and infected devices
Many remote workers may not have secure home networks. Their home WiFi networks may have a low level of encryption and a simple, breakable password. It is advisable to either impose a home network security policy or educate remote workers to use a VPN on untrusted networks.
It is possible that a device, such as a home router, may be infected and intercepting information, or that remote workers are using one of their home computers to access information on a cloud drive or information on removable drives. Policies must be in place to prevent the transfer of confidential information to unsecured devices. Companies must also consider how to encourage remote workers to segment their networks, using devices that simplify the process, such as Google WiFi, which sets up a guest and home network at the touch of a button. Also, companies must consider how to check for vulnerabilities and patch devices that may be remote from the office for months. Cloud-based virtual desktops offer a higher level of control and security for users that need to work from home on their own devices. Organizations should consider cloud-based secure web gateway services which move security off the network and close to the users providing a secure connection no matter where the user is located.
NTT DATA provides their workforce with a VPN and other cloud-based security such as nextgen-AV, remote access, secure Internet filtering as part of the corporate image and is required to access the corporate network.
Preparing for a reduced workforce
It is possible that security personnel may not be available as a result of the pandemic. Ensuring that as many security personnel are working remotely during a pandemic will decrease the risk of possible contagion. Dusting off the business continuity plan and ensuring it is pandemic-ready is a good step for organizations to take to enable resilience. Simply reviewing and updating your org. chart — particularly backup links for critical personnel — is a significant first step.
Additionally, uncertain times call for flexibility and adaptability to a constantly changing technology and human landscape. Working with an IT services provider with the breadth of capabilities and the depth of knowledge of NTT DATA provides organizations with the ability to react quickly and effectively to technology, staffing, and operational changes that may be needed. This press announcement by NTT DATA shares some of the steps we have taken to secure our workforce.
Finally, in a time of a pandemic, employees may become concerned about their health and turn to health facilities that might be overwhelmed and may increase the risk of possible infection. It is important to provide workers with a secure method of consulting healthcare professionals. NTT DATA has made Teladoc available to all their employees, allowing them to consult a healthcare professional using their phone, from the safety of their home.
As always, NTT DATA offers services to build resilient solutions as a business enabler. Should you require assistance with your pandemic preparedness you can contact NTT DATA Services for assistance.
Visit our latest COVID-19 resources.
Subscribe to our blog
Sushila has over 25 years of experience in computing infrastructure, business and security, including a decade as a chief information security officer. She has worked in diverse areas across telecommunications and cybersecurity, from risk analysis to credit card fraud to serving as a legal expert witness. An experienced cybersecurity thought leader, she has published numerous articles in the computing press, and presented in global technical events. She plays an active role in supporting best practices and skills development within NTT DATA as well as across the cybersecurity community. Sushila sits on the board of the largest ISACA chapter in the world.