Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

March 27, 2020 811 Views Gabriel Torok

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

Here’s a look at how companies can still go the distance for cybersecurity, even when they’re nowhere near the beaten path.

The Big Push

Remote work has been on the radar for years. Employees were overwhelmingly in favor — research from 2019 showed that 99 percent wanted the chance to work remotely “at least some of the time” for the rest of their career. Employers, meanwhile, have been historically more reticent to support remote shifts; as noted by Business News daily , 75 percent of staff surveyed last year said their employer won’t help cover the necessary costs of working from home, such as a reliable Internet connection.

The Coronavirus, however, gave companies the push they needed — but didn’t want quite so suddenly — by forcing teams to work from home full-time and still achieve some semblance of productivity. It hasn’t been easy; CNN reports that federal agencies are struggling with technology challenges that limit meeting participants or concurrent virtual users. The ubiquity of robust cloud services, powerful mobile devices and rapid design frameworks for applications, however, makes this a temporary (albeit large) hurdle that companies are rapidly learning to overcome.

CNBC puts it simply: Coronavirus may well be the “tipping point” for Americans working from home — once we’re here, there’s no going back.

The New App Ecosystem

In corporate offices, schools and healthcare facilities there’s a split IT focus: While applications are necessary for end-user productivity, underlying infrastructure management is also critical. Working from home shifts this balance — infrastructure related to Internet bandwidth, speed and access move off-site into the realm of ISPs and other third-party providers, creating a clear path to business value: Applications.

Existing application features — such as contactless payments from Google Wallet and retail apps from Starbucks — are suddenly getting a workout, while food delivery services have built-in new contactless delivery protocols and notifications that help drivers and customers stay safe.

There’s also been a massive surge in collaboration app use — as noted by The Hill , for example, Microsoft’s Teams collaboration tool gained more than 12 million users in the last week alone, reaching a record high of 44 million daily logins. According to Business 2 Community , other applications like Slack, Zapier and Zoom are also on the rise, with many offering free or discounted use for businesses, schools, banks and healthcare organizations.

And that’s just the beginning — new apps have already been developed to help manage Coronavirus cases. In China, the Health Code app assigns citizens green, yellow or red barcodes depending on their risk of exposure and infection, while Thailand’s Digital Economy and Social Ministry (DES) rolled out an app that tracks quarantined individuals in self-isolation . Closer to home, there’s an AI-aided application in development that will help Americans self-assess their symptoms and risk and direct them to the nearest testing facility if necessary.

The Missing Piece

It’s one thing for scammers to send Coronavirus-related phishing emails or solicit fake charity donations, but what happens if they compromise networks, services and applications?

As companies and individuals deal with the sudden shift to social distancing, it’s easy to overlook a critical piece of the puzzle: Effective cybersecurity. The potential impacts range from frustrating to potentially fatal — if hackers compromise food delivery apps, for example, they could reroute payments and tips to their own bank accounts. If they infiltrate infection and quarantine apps, meanwhile, the difference could be life-and-death.

So how do developers, enterprises and end-users go the distance for cybersecurity? Start with a three-point approach, including:

Information— As noted by Computer Weekly, it’s critical for companies to provide employees information about cybersecurity best practices for remote work, especially as numbers ramp up. This includes the use of antivirus programs and firewalls on home computers along with healthy skepticism around any emails that are supposedly “urgent” or “mandatory”.
Frustration — Wherever possible, it’s worth frustrating attacker efforts by giving them as little data as possible. The simplest path? Reliable virtual private network (VPN) services that prevent attackers from eavesdropping on data transmissions or tracing information back to its source. The caveat? Make sure the VPN service itself is secure before buying in.
Obfuscation — Applications compromised at runtime may appear to act normally but give attackers the ability to introduce new commands, exfiltrate data or reverse engineer code to steal IP or create persistent threats. With the sheer amount of app usage and development across industries and market verticals, it’s essential to protect critical code with tools capable of detecting potential attacks, hardening key functions and obfuscating sensitive code and data — in turn forcing attackers to try their luck somewhere else.

Remote work is the new reality. Applications and services are emerging to help boost productivity and increase public health but in the age of Coronavirus it’s not enough to bridge the digital divide — organizations must also go the distance to deliver a layered defense and effective cybersecurity.

Latest Blog Posts

Dotfuscator 6: The Next Era of Dotfuscator

In the months since we released the Dotfuscator 6 beta, we’ve been hard at work finishing the feature set, fixing issues, and putting on the final touches in preparation for the full release. Now, we are happy to announce the full availability of Dotfuscator 6!

At PreEmptive, we’re closely following the evolving Coronavirus (COVID-19) public health emergency, and our thoughts are with those affected and their families during this difficult time.

We are taking precautionary steps to continue normal operations without affecting our customers. At the same time, ensuring the health and safety of our customers, partners, and employees is our highest priority.

We have provided application protection software to the world's top organizations for more than 20 years. Although, this case is somewhat unique, it is not the first time we have been confronted with economic disruptions and uncertainties. Prior critical lessons have helped shape us into the company we are today: a robust organization with layers of contingency plans in place, a strong balance sheet, and an experienced team that values long-term relationships with our customers and partners above all else.

Evolving Hazards, Emerging Hope and the Expanding Human Element

The theme at the RSA conference this year is the “Human Element” — the critical role of individuals in the efficacy of organizational security measures. Along with sessions about the hazards of IT complexity and the hope of ethical AI, the expanding impact of COVID-19 concerns offered a real-world example of human elements at work, highlighting how IT staff can both help — and hamper — the effectiveness of infosec efforts.

Here’s a look back on some of my biggest takeaways from RSA 2020.

Unlike Y2K, 2020 was not preceded by waves of doomsday predictions, hype and frenetic IT overhauls. Developers are still under pressure to produce more, in less time, and at a lower cost, enterprises are as committed to their love/hate relationship with software as ever, and app users still expect perfection.

…but don’t let the usual crush of work and expectations lull you into a sense that it’s just the same old sprint to the next development project. Recent enforcement precedents, regulatory milestones and standards updates strongly suggest that 2020 app development and app security requirements will be anything but “business as usual.”

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

The Big Push

The New App Ecosystem

The Missing Piece

Dotfuscator 6: The Next Era of Dotfuscator