Maintaining Business Continuity Amid Changing Workplace Operations
April 2020 by Fortinet
In show business, the adage “the show must go on” requires each member of the cast and crew to have an understudy whose sole purpose is to step in should something unforeseen occur. The same should be true in business. However, recent global events have shed light on the fact that this is easier said than done.
To address today’s concerns around public health and human safety, businesses across the globe are in the process of transitioning to a remote workforce. However, the sudden, widespread use of teleworker solutions has highlighted several challenges for businesses from both an operational and security standpoint. Addressing these challenges requires a business continuity strategy that can guide and secure an organization through times of uncertainty.
Challenges and Considerations for Maintaining Business Continuity
Organizations must remain agile and support secure business continuity management as business operations necessarily undergo radical transformation. Below are considerations for CSOs and business leaders to help keep the business moving during times of unprecedented change.
Conduct a Security Risk Assessment
Because many employees are unable to take their work desktops with them into their home office, they need to leverage web portals and virtual private networks (VPNs) to get their job done. With this shift in access come several new security risks, including BYOD issues for users without a corporate laptop, a lack of infrastructural support, and interoperability challenges given the variety of technologies being used to connect back to the network. For this reason, it is important that organizations reassess security risks from a more comprehensive point of view.
Business continuity and disaster recovery plans are critical, as is a comprehensive security policy that covers things like remote access protocols and managing user-owned devices on the network. It is also imperative that IT teams are able to ensure that all devices connecting back to the network meet network security standards before they are allowed to connect. Additionally, organizations must confirm they are keeping pace with patch management and maintaining a comprehensive security posture through the use of controls and automation.
Set Up and Secure a Remote Workforce
First and foremost, organizations need to make certain that access control policies ensure that all business-critical users and devices have access to the resources they need to perform their jobs. From there, businesses must also validate that these users and devices are secure. There are a number of security aspects that will only be magnified due to the sudden influx of devices connecting remotely to the network. There are two major issues to focus on to best support a telecommuting workforce:
Many of today’s teleworkers will be novices. For business administrators and employees who typically conduct daily business affairs in-office, the security requirements of telecommuting are something very new. For this reason, organizations must devise a plan for delivering online training to those users who need to learn how to access systems remotely and securely.
Remote work tools, such as conferencing platforms, generally put access to your internal network into the hands of users and devices that may not stand up to your security standards. Training these users to recognize red flags will be essential to protecting your more widely distributed network.
Currently, the majority of cyberattacks occur via email. In an attempt to steal personal and financial information, cyber criminals have been launching phishing attacks to exploit the current crisis, making the messages appear as though they are from organizations like the CDC or the World Health Organization, CEOs of major corporations, banks and financial institutions, or a victim’s CEO or HR department with important news about their company or job. These malicious actors are using the same ploy to target businesses across all verticals, from financial services and healthcare to retail and more.
It is essential, therefore, to have the right security controls and training modules in place to protect your business, your employees, and your customers from compromise. To do this, organizations must have appropriate plans in place to protect their customers and employees from themselves and from clickbait.
Test Existing Security Controls and Automation
As day-to-day business operations change and the new remote workforce gets settled in, any longstanding gaps in cybersecurity resources or any networking limitations will become exacerbated. Organizations may be further constrained by the number of security workers available to manage ongoing issues, and be forced to rely on technology and automation to take care of low-hanging fruit.
This shift to telecommuting practices will additionally force organizations to enhance their cloud or e-commerce presence, introducing additional challenges of performance and scalability. Leaders must account for the kinds of security controls in place in their previous network and understand how those same controls are going to operate in this new working environment.
Although they may face more alerts, and generate more security data to analyze, organizations with proper controls in place prior to this shift should be well equipped to maintain smooth business operations.
However, many businesses may not have had the controls in place to support a remote workforce. For these organizations, controls will have to be built from scratch. This could take some work, as they will need to build controls from the ground up without much of an idea of what their security baseline previously was or how security events could affect them in the future. It will be critical that these businesses focus on implementing controls supported by automation to augment limited resources and maintain a strong security posture.
Regulations such as GDPR and CCPA are going to strain the ability of enterprises and service providers in this new environment to maintain required levels of privacy. According to Fortinet’s Jonathan Nguyen-Duy, "The challenge is going to be, how do you enforce and maintain compliance at a global level to such a degree of granularity, when you have so much fluidity in the way that people are accessing and authenticating themselves across your network environment."
Anticipate a Shift in How Business is Conducted
While working from home has been gaining in popularity for several years, many organizations have still hesitated to move to remote telework. However, in the wake of the current public health crisis, many of these businesses have been forced to relent. As they test this new working environment, there is a possibility that we will begin to see a cultural shift in how people do business.
According to Fortinet’s Renee Tarun, it may set a precedent. The hand of resistant corporate leaders has been forced on the issue of a remote workforce, and for that reason there could be a shift in leaders’ openness and willingness to keep these new approaches to networking and business operations in place once the current crisis has passed.
Fortinet’s Courtney Radke agrees, and is hopeful that this shift will lighten the corporate stance on work-from-home provisions. As businesses adjust to relying on remote teleconferencing tools, VPNs, secure remote access, autoscaling, and cloud, mobile, and e-commerce platforms - all of which have been around for some time - Radke believes newfound business practices will shine a light on the importance of these tools, causing leaders to question, “Why didn’t we have a plan like this in place before? Should we now implement a new policy for allowing remote work?”
Though cultural norms and mindsets are the most difficult aspects to influence and change in any organization, the recent dramatic and forced shift in business operations could result in a dynamically altered workforce situation.
As we navigate through largely uncharted waters during these unprecedented times, many new questions and challenges will arise concerning security. Though we may not have all of the answers now, it is nonetheless critical that businesses do their part in securing customer data, employee operations, and business continuity as best as possible. By leveraging security tools and resources, such as those offered through Fortinet, business leaders can establish best practices and get the support they need to protect their organizations during these times of rapidly evolving workplace operations.