Work-From-Home Presents Cybersecurity Challenges, Even At The State Level

As the COVID-19 pandemic ramped up, companies were tasked with quickly adapting to the new work-from-home situation, often with little to no preparation. While some experienced a bumpy transition, others smoothly navigate these changes. The sudden shift put companies’ cybersecurity and ability to manage equipment and software needs to the test, exposing key weaknesses that must be addressed, as remote working will likely continue as long as case numbers increase.

As companies adopt virtualization and cloud-based services, it’s becoming clear that they will need to continue moving in that direction. Organizations that were already on the path towards remote working environments have shifted into full virtualization much more seamlessly. IT frameworks that were built with decentralization in mind were particularly well-poised to transition gracefully, noted Michael Watson, Chief Information Security Officer (CISO) for Virginia.

Broadly distributed workforces can present major protection challenges. Some security issues can be solved relatively easily with virtual private networks, or on-premises private cloud solutions. However, device use in unpredictable locations, especially when spread across multiple states, can be particularly tough to manage. This is especially true for smaller organizations with unsophisticated technology and inadequate infrastructure for adding security protections. The situation may present serious risks for many companies, particularly as data breaches have recently been on the rise.

Government systems have also been affected as employees moved off government networks. North Dakota CISO Kevin Ford reported that his employees were inundated with attacks almost as soon as they plugged into home modems. Potential security measures end up raising questions about employees’ privacy at home. Communication methods, like Zoom’s free version, and managing application portfolios can also be problematic. Ford recommends that the focus remain on assets and data at the state level, rather than the corporate network, as this temporary solution is not a long-term working model for government offices. Others suggest greater focus on virtual desktop infrastructure.

The major lesson to be learned here, says John MacMillian, Pennsylvania’s Chief Information Officer, is to keep an open mind. Though working conditions may be new, the technology is not, and most of the problems that organizations are experiencing now existed before. This presents an opportunity for companies to strengthen internal systems and move towards a better version of their IT capabilities.