It’s probably no surprise that staff find any way they can to continue working. That includes using insecure devices and shadow IT. I suggest a three-pronged approach: 1) make sure your staff are aware of the risks; 2) put in place/review your security controls to mitigate threats; 3) assume you’re going to see breaches and plan accordingly…:
[…] CrowdStrike’s Asia-Pacific Japan vice president of engineering Sherif El Nabawi said: “With telecommuting still highly encouraged despite the easing of various countries’ lockdown measures, unresolved cybersecurity risks from the initial shift to remote work will be carried forward and continue to present more opportunities for cyber adversaries.”
He noted that employees who tapped their own devices to conduct work tasks brought increased risks, as compromised personal devices could jeopardise their company’s network. “These include employees inadvertently introducing malicious code when they move work-related files and documents between personal and corporate devices and networks,” Nabawi said. “Personal or home internet connections are also more vulnerable to threat activity, making remote workers a potential threat to sensitive company information.”
“Organisations must, therefore, update their cybersecurity policies to factor in remote working. This includes planning for the use of personal devices, secure access for BYOD (Bring-Your-Own-Device) on corporate networks, and leveraging VPNs (virtual private networks) to protect sensitive data accessed through insecure Wi-Fi.”
He urged companies to minimise their exposure by ensuring their employees were aware of cyber threats associated with remote work and the importance of maintaining their cyber hygiene. He added that organisations should be prepared with crisis management and incident response plans that could be quickly executed, remotely.