Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Categories
Risk Management

Published on March 27, 2020 by Gabriel Torok

Reading Time: 4 minutes

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

Here’s a look at how companies can still go the distance for cybersecurity, even when they’re nowhere near the beaten path.

The Big Push

Remote work has been on the radar for years. Employees were overwhelmingly in favor — research from 2019 showed that 99 percent wanted the chance to work remotely “at least some of the time” for the rest of their career. Employers, meanwhile, have been historically more reticent to support remote shifts; as noted by Business News daily , 75 percent of staff surveyed last year said their employer won’t help cover the necessary costs of working from home, such as a reliable Internet connection.

The Coronavirus, however, gave companies the push they needed — but didn’t want quite so suddenly — by forcing teams to work from home full-time and still achieve some semblance of productivity. It hasn’t been easy; CNN reports that federal agencies are struggling with technology challenges that limit meeting participants or concurrent virtual users. The ubiquity of robust cloud services, powerful mobile devices and rapid design frameworks for applications, however, makes this a temporary (albeit large) hurdle that companies are rapidly learning to overcome.

CNBC puts it simply: Coronavirus may well be the “tipping point” for Americans working from home — once we’re here, there’s no going back.

The New App Ecosystem 

In corporate offices, schools and healthcare facilities there’s a split IT focus: While applications are necessary for end-user productivity, underlying infrastructure management is also critical. Working from home shifts this balance — infrastructure related to Internet bandwidth, speed and access move off-site into the realm of ISPs and other third-party providers, creating a clear path to business value: Applications.

Existing application features — such as contactless payments from Google Wallet and retail apps from Starbucks — are suddenly getting a workout, while food delivery services have built-in new contactless delivery protocols and notifications that help drivers and customers stay safe.

There’s also been a massive surge in collaboration app use — as noted by The Hill , for example, Microsoft’s Teams collaboration tool gained more than 12 million users in the last week alone, reaching a record high of 44 million daily logins. According to Business 2 Community , other applications like Slack, Zapier and Zoom are also on the rise, with many offering free or discounted use for businesses, schools, banks and healthcare organizations.

And that’s just the beginning — new apps have already been developed to help manage Coronavirus cases. In China, the Health Code app assigns citizens green, yellow or red barcodes depending on their risk of exposure and infection, while Thailand’s Digital Economy and Social Ministry (DES) rolled out an app that tracks quarantined individuals in self-isolation . Closer to home, there’s an AI-aided application in development that will help Americans self-assess their symptoms and risk and direct them to the nearest testing facility if necessary.

The Missing Piece

It’s one thing for scammers to send Coronavirus-related phishing emails or solicit fake charity donations, but what happens if they compromise networks, services and applications?

As companies and individuals deal with the sudden shift to social distancing, it’s easy to overlook a critical piece of the puzzle: Effective cybersecurity. The potential impacts range from frustrating to potentially fatal — if hackers compromise food delivery apps, for example, they could reroute payments and tips to their own bank accounts. If they infiltrate infection and quarantine apps, meanwhile, the difference could be life-and-death.

So how do developers, enterprises and end-users go the distance for cybersecurity? Start with a three-point approach, including:

  • Information— As noted by Computer Weekly, it’s critical for companies to provide employees information about cybersecurity best practices for remote work, especially as numbers ramp up. This includes the use of antivirus programs and firewalls on home computers along with healthy skepticism around any emails that are supposedly “urgent” or “mandatory”.
  • Frustration — Wherever possible, it’s worth frustrating attacker efforts by giving them as little data as possible. The simplest path? Reliable virtual private network (VPN) services that prevent attackers from eavesdropping on data transmissions or tracing information back to its source. The caveat? Make sure the VPN service itself is secure before buying in. 
  • Obfuscation — Applications compromised at runtime may appear to act normally but give attackers the ability to introduce new commands, exfiltrate data or reverse engineer code to steal IP or create persistent threats. With the sheer amount of app usage and development across industries and market verticals, it’s essential to protect critical code with tools capable of detecting potential attacks, hardening key functions and obfuscating sensitive code and data — in turn forcing attackers to try their luck somewhere else. 

Remote work is the new reality. Applications and services are emerging to help boost productivity and increase public health but in the age of Coronavirus it’s not enough to bridge the digital divide — organizations must also go the distance to deliver a layered defense and effective cybersecurity.