The COVID-19 pandemic has resulted in remote work becoming the new normal for employees worldwide. While this measure has been successful in keeping employees safe, unfortunately, it has introduced new security vulnerabilities that can put an organization’s systems and data at risk. The following are 5 categories of vulnerabilities:
- Employee security—Focal points of employee security include a well-documented teleworking policy, thorough employee training, antiphishing services, and identity and access management (IAM).
- Endpoint security—Endpoint security involves encryption, management and antivirus services, vulnerability and patch management, and the ability to backup and restore data. Other considerations for endpoint security include:
- Web content filtering
- Application security
- Cloud-access security broker (CASB) services
- Network security—To secure the network, organizations must consider implementing a high-availability remote access infrastructure, network access control (NAC) and enhanced technical support.
- Security monitoring—Enterprises must evaluate security system availability, endpoint malware infections, virtual private networks (VPNs) and more to detect malicious activity.
- Security reporting—Specialized reporting such as analysis of remote user endpoints, access logging and monitoring, vulnerability compliance reports and more can help mitigate security risk.
If these vulnerabilities are not addressed, they can present serious dangers to enterprises both during the interim remote work period and over the long term.
To learn more about executing advanced IT security countermeasures, read the full article “Pandemic-Driven Remote Work and Risk Management Strategies” in the ISACA® Journal vol. 5, 2020.