WFH U-turn calls for an urgent rethink of IT security
Following recent calls to return to their offices, UK office workers have once again been told to work from home wherever possible. This increased workforce disparity, fueled by the ambiguity of the Government’s guidance, will see employees switching between home, office and everywhere in between like never before. As a result, the need for organisations to rethink the temporary security measures they put in place when we first went remote in March has never been greater.
“The initial move to WFH took many organisations by surprise, and went completely against their cultural and technical grain,” said Nic Sarginson, Principal Solutions Engineer at Yubico. “Many organisations were forced to accelerate their digital transformation to accommodate the sudden pivot, making use of disruptive One Time Passwords and blanket access VPNs to grant ‘frictionless’ access to digital assets.”
Indeed, the decentralisation of the workforce goes hand in hand with the decentralisation of security, and employees who were never a target before suddenly found themselves in the firing line for cyberattacks – but without adequate protection. We must remember that this is how the recent Twitter breach saw the profiles of some of the world’s most powerful people hacked – a simple phishing attack on an employee at a ‘lower level’ allowed hackers to impersonate Barack Obama, Elon Musk and Bill Gates, to name a few. The fact is, a cheap consumer router in most people’s homes, along with just a username and password, cannot compare to corporate network security. Users are in effect now working in a coffee-shop-style shared network environment at home, but with much lower perimeter security.
“Security teams must see this next stage as an opportunity for longevity, investing in the right tools to ensure the agility and flexibility that organisations need right now,” continued Sarginson. “A strong organisational security foundation will be critical to ride this current wave of uncertainty, and that must include the enablement of multi-factor authentication wherever possible. With a dispersed and unpredictable workforce, securing logins really is the first line of defence and will ensure employees are accessing business critical services and applications as safely as possible.”
This was posted in Bdaily's Members' News section by D Baker.