No one’s sure how long social distancing will last – but experts suggest we should prepare for “waves” of distancing to combat recurrences of the pandemic. Even if we’re back together by June, we might be right back at home in October. That means we need to think of working from home not as a short-term anomaly but instead as something we need to get good at.
We owe a debt to the IT professionals working to keep us on the job. It’s not hyperbole to suggest their work is crucial to building the resilient economy we need going forward. We need reliable, secure access to corporate data – without it, many of us would have no ability to conduct business. I’m grateful for all of them.
In the midst of it all they’re also battling a perfect cybersecurity storm. Three forces are dramatically expanding the threat surface:
This recent piece from the Associated Press paints a dismal picture of the heavy job losses sweeping the white collar workforce. Furloughed or laid off employees are often, understandably, angry and afraid. It’s gut wrenching. Unfortunately, some will become insider threats. IT professionals – who already have their hands full keeping remote workers connected – now must also protect data assets during employee transitions. It has to be done.
Health fears and distancing ramp up the pressure. Anxious, isolated employees are more likely to click on risky links or open emails promising the latest news or COVID cure. A study done by FINRA last year identified “social isolation” and “financial strain” as significant contributors to scam susceptibility. Plenty of both going around right now.
It’s also worth observing that, while scams often target individuals, our work-from-home experience binds the personal and professional (both time and technology) more tightly than ever before. At least it has for me. A personal cyber compromise can easily become a corporate cyber compromise.
Cybercriminals, not ones to let a crisis go to waste, have leaned in. Examples abound. This piece from NASDAQ highlights the many scams preying on COVID-related fear and greed (those two human motivations never go out of style, do they?). The US government’s Director of National Intelligence warned against intellectual property theft related to the pandemic, and earlier this week the Justice Department disrupted hundreds of internet domains used to exploit the COVID-19 crisis. I’m sure there are hundreds more.
Without a doubt, working from home expands the threat surface. How can security professionals respond? Here’s my advice.
As straightforward as this advice might be, implementing it is another matter. Unstructured data at most organizations is like the sea: it’s vast, you know there are “interesting” things in it, but it’s impossible to know what you have or whether it’s a threat. Getting past that requires three capabilities:
Those are the capabilities we’ve built at Concentric. Using deep learning, we autonomously find, categorize, and assess the millions of documents your employees use every day. Semantic Intelligence© delivers next-level data protection that’s even more critical as we confront today’s challenging threat landscape from the distance of our home offices.