Navigating the security landscape in the new normal

As organisations adjust to the ‘new normal’ of remote working, they need to not only think about how employees can successfully collaborate, but how they can do so safely, says Charbel Khneisser, Regional Presales Director, MENA, Riverbed.

This mass shift to remote working in the wake of COVID-19 has had an enormous impact on the complexity of the security landscape. Traditionally, trust in business is established through face-to-face interaction. However, when working from home and relying on collaboration tools, employees must now trust that the individuals they are dealing with are who they say they are without a robust way to validate identity. This, in addition to security steps being skipped such as consistently using a VPN as businesses prioritise uninterrupted workflows for employees, has drastically increased the attack surface for hackers and left businesses vulnerable.

As the landscape shifts, it is paramount that businesses evolve at the same pace and revise their security measures accordingly.

Establishing a new form of trust

Collaboration tools have been vital in ensuring that businesses maintain efficient operations during lockdown. However, they have not come without their security risks, including unauthorised visitors hijacking company meetings. As such, these tools have raised new complexities for the security landscape, and it is now vital that employees need to take a different approach to trust when using them. Within a typical office environment, employees primarily establish the authenticity of one another through a face-to-face chain-of-trust principle.

When working remotely, and relying solely on collaboration tools, traditional security “on-boarding” falls apart and it becomes more difficult to validate peers. This has proven only too true when using video conferencing tools, some of which have a notable lack of end-to-end encryption and secure passwords. Compounding this, many meeting organisers are not aware of important security features, such as meeting passwords.  As such, cybercriminals are easily able to bypass the authentication process, putting companies at risk of hackers eavesdropping on confidential business calls. This not only leaves a company’s intellectual property vulnerable, but it enables the attacker to obtain information which can be used to impersonate employees and carry out spear phishing campaigns.

As organisations adjust to the ‘new normal’ of remote working, they need to not only think about how employees can successfully collaborate, but how they can do so safely. It is therefore crucial that businesses responsibly select the tools they choose – opting for those that offer true end-to-end encryption. This means tools that encrypt and decrypt communication at the sender-receiver level, rather than at the provider’s server. In addition, they must educate employees on how to safely use these tools and the security risks if used incorrectly.

Skipping out on security

As businesses have scrambled to ensure that employees can quickly access the resources they need to work remotely, vital security and privacy measures are being skipped or waived. This issue is compounded by employees moving off the company network and increasingly using personal devices for work purposes at home. As a result, employers are losing visibility over employees’ activity and their network. Without this cohesive visibility, IT teams are unable to troubleshoot problems, including security threats, as efficiently or effectively.

In order to avoid these issues, and ultimately ensure better security, it is crucial that businesses inform their employees of the importance of using the company approved VPN and their business devices.

Ensuring network visibility beyond the office

It is now much harder for businesses to assess what is normal traffic on the network and separate the good from the bad.  After all, traffic patterns are evolving faster than ever before. Businesses must adapt to this change and understand that in order to identify the signs of a security breach, they need to meticulously log information that can be forensically analysed if necessary. Network and performance visibility are key to this.

To gain a comprehensive insight into the network, even while the workforce is dispersed, investments must be made into network performance monitoring tools, such as Riverbed’s Network Performance Management solutions. These provide complete end-to-end visibility over the network and will forensically record the data to give IT teams different telemetry from multiple angles of the network.

Education, technological investment, and trust key to secure remote working

It is clear that remote working is here to stay. Even after the lockdown restrictions have lifted, the number of employees that will continue to work remotely either on a permanent or semi-permanent basis is likely to be high. As such, businesses must embrace long-term solutions now to ensure their employees are able to work securely and effectively from home. This means investing in solutions that provide comprehensive visibility into the network performance, educating the employees on safe remote working practices, and balancing this with employer-employee trust. Failure to make these adjustments will mean businesses’ leaving themselves open to security attacks that could have damaging consequences for any company.