Remote work is here to stay — cybersecurity needs to catch up
By John Chambers
I have long believed that digital transformation allows enterprises to quickly recognize and adapt to market transitions – which is key to gaining market share and breaking away from competitors. Amid the COVID-19 pandemic, the grand work-from-home experiment has further demonstrated the benefits of a digital-first mindset.
Companies that already had the digital infrastructure in place were able to move their operations from one or more central offices to employees’ homes overnight.
My personal experience with the “new normal” of work has only crystallized my belief that now is the time to establish long-term “work from anywhere” arrangements. In early March, right when the pandemic hit the U.S. and when we began shutting down, we cancelled a weeklong physical trip to New York City. We quickly moved to conduct all the meetings to virtual ones, including board meetings, customer meetings, venture capital sessions, and more. One of them was the first-ever virtual dinner meeting, where we had Shake Shack hamburgers, fries, and shakes delivered to 25 participants’ homes, so we could all have dinner “together.” The dinner was one of the best events I’ve participated in and exceeded all our expectations. Little did I know what a glimpse into the future that session would be about the “new normal” of creative sessions.
Today, I do eight to fifteen video sessions a day on Zoom, Google Meets, WebEx, Skype, etc. on five to six different physical devices. My sessions usually start in Europe or Asia, then move to the East Coast, Silicon Valley, and halfway around the world. I believe that I’ll only travel as much as a third of what I used to in the future. At Cisco, we developed the first Enterprise ready video conferencing with TelePresence in 2006, following the Bird Flu Pandemic in Mexico. Since then, I have been amazed by how you can maintain the personal connections that can come from in-person meetings while also being more proactive using work-from-home technology. And this is true now more than ever before.
I suspect I am not the only one finding this “new normal” a refreshing change of pace. There have been multiple reports of increased employee productivity since the outbreak of COVID-19. There are, of course, still many learnings that will come in the months and years ahead, as employees and enterprises alike adjust to the new virtual working economy. But one thing has become clear: Remote work is here to stay.
In this new environment, the most pressing challenge for businesses, after the initial high-speed connectivity, is cybersecurity. The virtual environment creates more opportunities for cyberattacks, including via the employee’s home network and any devices connected to it. What is compounding this problem is that enterprises have fewer controls around the security hygiene of remote workers without the ability to monitor home networks and devices, or do IT home visits. At the same time, threat actors have recognized these security gaps and stepped up attacks against remote workers to snag valuable, proprietary information. One statistic tells the story: 46% of global businesses have encountered at least one cybersecurity scare since shifting to remote work – and I believe this number is actually twice that.
Overcoming the security gaps of a remote workforce will require rethinking existing security approaches, investing in emerging technologies, and developing new solutions. Let’s take a look at some of the possibilities:
Privacy-focused home network monitoring: At the office, IT staff can keep tabs on network traffic and implement defenses like an intrusion detection system. However, for home offices, IT staffers do not have the same tools, forcing them to rely on employees to properly segment their home networks, update router firmware, and keep tabs on which devices are connected. To manage this process better, there needs to be a low-touch way for IT staff to monitor and analyze home network traffic while ensuring that private information like websites visited or services used is not tracked.
The ExoComputer: Businesses may hesitate from leveraging employees’ smartphones and tablets for remote work due to many concerns with the mobile ecosystem. The concept of ExoComputer, embodied by Privoro’s SafeCase, provides an alternative to mobile devices reserved for critical services. Designed to conveniently wrap around any mobile device, an ExoComputer has a specialized security architecture that keeps computing services independent of the associated mobile device.
Continuous authentication: The explosion of the number of mobile devices and cloud-based services has chipped away at the primacy of perimeter-based security – giving digital identity added importance to enterprises. Yet passwords still rule the day as the primary means of granting access to enterprise users. In response, the ability to verify a user based on a variety of behavioral and biometric traits is getting more popular. Soon, spoofing user credentials may be a thing of the past.
Immersive cybersecurity training: While phishing attempts are getting more sophisticated by each day, employee cybersecurity education has remained largely stagnant. It is one thing to know what a phishing email looks like, but it is another to practice identifying one. Instead of relegating critical security hygiene tips to an intranet page or even a typical online training program, the future of cybersecurity training needs to be immersive. Nothing beats a real-world experience when it comes to learning how to spot irregularities or use collaboration tools safely.
Given the unpredictability of the current public health crisis and the benefits associated with the “new normal” of work, every organization needs to prepare as if remote work is here to stay for the long term and make cybersecurity for remote workers a top priority. While there is much progress to be made on this front, the organizations that best enable a secure, fully-decentralized workplace will be the ones to thrive beyond this crisis.