COVID-19: Security risks are increasing as more people work from home

A security expert offers tips on how to keep employees safe in this work-from-home environment during the coronavirus pandemic.

COVID-19: Security risks are increasing as more people work from home

TechRepublic's Karen Roby spoke with security expert Richard Bird about how to keep companies safe during the coronavirus. The following is an edited transcript of their conversation.

Karen Roby: With so many people working from home, security should be top of mind. Richard, what are your concerns with this new way we're having to work?

Richard Bird: I think there's concerns probably in three specific parts. The first part is a concern about corporations and their capability to actually adjust to a remote workforce model. A lot of people that I've been talking to in companies all around the world built their business continuity plans based upon the assumption that we'd be able to do shift work, where there'd be skeleton crews, left inside of facilities, and it's very clear that now a lot of that has shifted to 100% evacuation from those facilities and 100% work from home. Companies are definitely struggling with a reality that wasn't reflected in their own emergency planning for the workforce. 

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

The second concern for the workforce is that we know behavior in a personal setting tends to be less risk-aware than if you're in your corporate setting, right? Where messaging and communications, even signage, and all those types of things are at least attempting to continuously remind employees to stay safe. When you're at home you're more relaxed, you're in a much more comfortable personal setting and that is a concern relative to letting your guard down.

The third piece that's really troubling that hasn't been getting a lot of attention, other than news breaking about the attempts, is that bad guys thrive in bad times. With all the things that are going on, the things that we're hearing about happening with massive attempts of credential stuffing, massive attempts to bring down the Department of Health and Human Services from a DDoS (Distributed Denial of Service attack) standpoint, and then all of the phishing scams, all of the COVID-19-related application scams that are going on, bad guys are capitalizing in the moment, and the really frustrating part of that is in many cases they're using information that has been gleaned from hacks and exploits over the last five or six years.

We're in this perfect storm of tremendous amounts of personal information that is available about these individuals that are now working from home, and companies that are struggling to provide the same levels of security and safety for both their own assets and their employees, and it's a challenging time.

Karen Roby: What are you telling your clients? What do they need to be doing right now to keep their company, their employees safe?

Richard Bird: Really, a lot of our focus has turned to our own customers and clients' demands where the great example of this massive move of employees to remote work in many companies not having that built into their plans, which the reality that they can't move fast enough to replace big desktop equipment, and so that opens up the need for rapid deployment of access to virtual assets on people's own personal devices, and many companies hadn't planned for the type of scale and speed needed to be able to address that and stay running as a business.

SEE: Laptops are becoming harder to find in stores and online due to the coronavirus (TechRepublic)

Many of our customers are coming to us with basically expansions of their own emergency plans. We're coming back out to customers and to the market, recognizing the fact that as people have gone remote, the need for the extension of security to those remote locations is absolutely critical and vital to, I mean really to national security, to business running it at a certain pace to keep the rest of the economy going.

We're working really hard with both new and old customers to either expand their capabilities around things like multifactor authentication or expand their capabilities to be able to provide a secure access point for web applications or virtual desktops. So, it's in two parts.

The first is there certainly is a segment of the business population that is asking for help trying to immediately resolve gaps and there are a number of companies that we work with that were already well down the path of securing their workforce remotely, but they need to rapidly expand those capabilities.

Karen Roby: Do you feel like when you talk to your clients or to business leaders in general, are you finding that they're scared and worried this isn't going to work out, or do you feel like you have the ability to calm them and say, "We're going to be OK; your security will be taken care of, but you just you've got to do these things"? How do you feel like they're feeling?

Richard Bird: I think my perspective on this is informed by my own experience, 20 plus years in the corporate setting, and IT executive management in large companies. I lived through a lot of events over the last couple of decades, whether that be the internet bubble bursting or 9/11 from an operational management standpoint or things like, I was a consultant on the ground the last days of Enron. All of these events, while they're not the same as what we're going through today, certainly have informed a lot of senior leaders in terms of how to manage through a crisis without panicking, but what I really find interesting is the big difference in today's environment versus those other periods in time has been the expansion of digital capabilities.

As I'm talking to business leaders around the world, what I am really impressed by is actually the lack of panic and their effort to address the need to continue to operate and continue to sustain business operations, not just from a, "Let's get through this crisis" standpoint altogether, from that standpoint, but from a realization that this event does have an expiry date on it.
Everyone is looking to the horizon knowing that there is a point when we will collectively and globally have this under control, and a big concern for a lot of the corporations that I think is tempering any concerns or panic is, nobody wants to be in a situation where they overreact relative to reducing and eliminating staff and cutting back operations to the point that when this thing does turn around and it will turn around quickly, that they're unable to meet the demands and needs of their customers in a hyper-escalated economic environment where everything comes back online.

I really am impressed by how little panic I see in corporate executive management here in the United States as well as around the world, and I just think that's emblematic of our capabilities being extended with all of the digital means that we have available to us today.

Also see


Image: Mackenzie Burke