c oronAvirus: how
contain its spread, home could be where the headache is,”
to implement sAfe And if it’s not too late, lay tHe

secure remote working Assuming it is not already too late to do so, IT and security
teams should do their best to get out ahead of the transition to
Find out what CIOs and CISOs need to know
Liviu Arsene, a global cyber security researcher at BitDefender.
to enable their users to work remotely and
“Before deciding to enforce work-from-home policies, IT and

to enable their users to work remotely and
stay secure. Alex Scroxton reports
News
❯ We look at how staff
can remain productive,
How IT leaders and
their teams are
helping staff through
and happy while working from
coronavirus crisis
coronavirus pandemic.
encing software that ensures a stable voice and says. “You can suggest split tunnelling, which
How postmasters
made legal history with
referral of potential
miscarriages of justice
Giving public cloud
the credit it's due
Active Directory credentials can be difficult when remote. enhance security, the technology comes with its own set of
“Even if a large number of employees need to change their problems, as Chapman points out.
passwords before leaving the office, it’s a hassle-free For one thing, they are reliant on the security of the originat-
It goes without saying that whenever an employee is working “Advise your employees to avoid using their Wi-Fi
Coronavirus: How to
implement safe and
secure remote working and any software-as-a-service (SaaS) resources they need via workstation to the router with a network cable. Not only does
a virtual private network (VPN). A VPN is a piece of this provide a more secure connection, but also enhances speed
Future of open source
licences is changing
internet, and into the organisation’s network. Wi-Fi networks and infected personal devices to access corpo-
If preparing for a sudden increase in the volume of remote rate assets. Security teams want to ensure that access to cor-
workers, it is absolutely critical to make sure that you have porate resources is always done from a safe, trusted, operating
enough licences to accommodate simultaneous connections system – in some cases, this is a hard compliance
from all of them, says Arsene. requirement,”
Phil Chapman, a senior cyber security instructor at Firebrand says Hysolate’s Zamir.
Training, says there are several steps security teams can take
News
endpoint-related attack vectors, such as operating system vul- isolation, so too do we look to prevent viruses from infecting our
How IT leaders and
their teams are
helping staff through
browser/ mail vulnerabilities, USB/external device ration between healthy and ill. For the health of our corporate
coronavirus crisis
malware to simultaneously access corporate network resources from anything that could potentially cause it harm, including the
How postmasters and have direct unfiltered access to the internet,” adds Zamir. wild internet.”
made legal history with
referral of potential
miscarriages of justice
endpoint security and tHe ciso's dilemma
Zamir also points out the need for endpoint security. “The edges, this is a terrible idea because the lockdown model typi-
Giving public cloud
the credit it's due
that remote workers use to connect to the corporate network, and one they will try to get around, putting the business at
endpoints that now will be fair game for cyber criminals,” he greater risk than it might otherwise have been.

Coronavirus: How to
implement safe and
Future of open source
As people seek isolation to protect themselves physically, CISOs need

News
erals, without switching between devices. They would like to David Higgins, says that endpoint security for remote work-
How IT leaders and
their teams are
helping staff through
added network latency, in the corporate network, in the cloud, policy. “In the current environment, where endpoint devices
coronavirus crisis
“They expect to always work natively and locally and have rity, cyber security needs to match the flexibility of modern
How postmasters fast, responsive applications. They want working,” he says.
made legal history with
referral of potential
miscarriages of justice
Wi-Fi networks at home or at the and should assume endpoint devices
Giving public cloud
the credit it's due
For this reason, CISOs must walk guidelines regarding accepted will be. This position is important
a fine line between overly restrict- because it mandates that we adopt
ing user behaviour and optimis- applications and the critical premise of zero trust by
ing cyber security hygiene. If the enforcing isolation to prevent such
liviu arsene,
choking their ability to work productively, but if the restrictions “Once combined with a just-in-time provisioning of access
Coronavirus: How to
implement safe and
secure remote working levels of risk. attacker using a remote worker’s identity to infiltrate a busi-
“Sending out rules and guidelines regarding accepted applica- ness,” says Higgins.
Future of open source
need to be made aware of what is sanctioned and what is not,” talk to your people, don’t let tHem be tHe weakest link
network security, monitoring and logging tools, IT and secu- greatest risks to organisational security is humans themselves,
rity teams can be notified whenever untrusted connections or who collectively display an ability to accidentally do the wrong
unauthorised applications are spotted to quickly and timely thing in almost every situation – in this case, falling for a cyber
News
more crucial. What is more, the cumulative volume of phishing net. Do not follow directions or links from emails or text mes-
How IT leaders and
their teams are
helping staff through
coronavirus is enormous – it may even be the largest ever. social engineering attempt, report it. If you’re unsure, ask. It’s
coronavirus crisis
your workforce is appropriately equipped and educated, it “Don’t leave yourself vulnerable to malware infection or data
How postmasters doesn’t need to be, leaving you free to concentrate on the big loss. Encrypt your data and keep backups on clouds and external
made legal history with
referral of potential
miscarriages of justice
public place – or even in an office – are minimised when Make sure you check the website’s URL. If you’re ever unsure
Giving public cloud
the credit it's due
working staff can start by behaving as if they are in the office link provided to reach your destination,” he adds.
and apply the same mechanisms as they would in their usual
workplace. remote working doesn’t Have to be risky
equally as at work. This should also apply to telephone calls and depending on how long the crisis stage of the pandemic lasts,
online meetings,” he says. we could be looking at the emergence of a highly significant,
Coronavirus: How to
implement safe and
secure remote working steps that remote workers can take to protect themselves. However, as is so often the case when it comes to cyber
“All emails, text messages and phone calls can be faked or security, paying a little care and attention to basic security
Future of open source
licences is changing
other trusted parties,” he says. users alike.
Downtime
For emails, check the sender details. If you receive a request you collectively flatten the curve and minimise the number of
weren’t expecting, or one which has an undue sense of urgency, coro- navirus infections and deaths, collective caution when it
slow down. Stay in control of your actions. comes to remote working and cyber security will help
“Think about what protections you need to have in place at organisations and individuals avoid falling victim to a needless
home. As a minimum, use an antivirus program, turn on your and unneces-
firewall and update when prompted,” says Alashe. sarily distracting incident. n 7-20 April 2020 24

