Work will never be quite the same once the pandemic has passed
By Brendan O’Connor, CEO, and Co-founder, AppOmni
There are encouraging signs that the Covid-19 pandemic – arguably the greatest disaster of our generation – is beginning to recede, at least in some parts of the world. While the disarray it provoked throughout the economy is still very much with us, there is reason to believe that a tolerable new normal will emerge – an innovative set of practices representing a tectonic shift away from what normal used to be – in the workplace, in leisure pursuits, and in commerce.
Although the contours of that new normal are still in flux, the experience of the past few months has driven home some durable lessons – lessons we expect will help shape post-pandemic life as recovery gets underway. One of the most apparent is that working from home is almost certain to become an enduring element of employment for millions of workers. That’s good, both for the workers and their employers. But it comes with certain caveats.
For starters, I’ve heard from leaders of several organizations that employees working from home have been asking their companies to slow down the release of new and updated versions of their enterprise software. Learning new software and mastering feature changes, particularly without hands-on personal guidance, is disruptive, often leading to a surge of help desk calls that can be hard for IT staff, working remotely, to keep up with.
The practical consequences of slowing the rollouts might include accepting longer lives for software versions that would previously have been considered obsolete. It would also argue for greater use of automated instructional software layered atop the enterprise application – software that enables employees to master changes more quickly and with greater confidence.
Another result of the coronavirus outbreak has been an acceleration of information movement from on-site data centers into the cloud – a transition that had already been underway. Cloud-based applications and related data can be readily accessed by people working remotely using just about any kind of digital device, which makes it attractive for homebound workers. And today, public clouds are widely regarded as secure. It is in cloud providers’ best interest to ensure the highest security of the application and data to attract more adopters. Increasing adoption of public cloud and transition away from traditional datacenter solutions will be added added changes in the digital landscape.
Then there’s the Big One: security. Data security has always been a focus of IT professionals and frequently a concern to senior management as well. But the explosion of off-site computing resulting from employees working at home, frequently using their own consumer-level digital devices, has made security an imperative. Of course, there was serious concern from the onset of Covid-19 that large-scale work-from-home patterns would present a temptation to hackers. Less effective security in home environments – including network sharing with children and other family members – would make it much easier for criminals to perpetrate fraud or attack unsuspecting users.
As it turns out, those suspicions were right. According to the Wall Street Journal, cyberattacks against banks and other financial firms rose by 238 percent between February and April1, just as the bulk of their employees began working remotely. At the same time, aggressive furloughing for cost reduction led to a decrease in the number of employees whose regular assignments involved responding to cyberattacks. The problem has been amplified by the government’s mass distribution of stimulus funds for individuals and businesses through financial institutions, which play a central role in the pandemic response. Capitalizing on chaos is a familiar pattern for every sort of criminality, and the confusion resulting from the coronavirus response provided a perfect recipe for abuse.
What does that mean going forward into a post-pandemic world? There are, as a report pointed out, various technical steps that would be prudent to take including multi-factor authentication, special controls for certain facility-based applications, and device virtualization. But the primary focus needs to be on people – the system’s users.
An indefinitely and perhaps permanently distributed workforce needs to stay aware of how the things they do can either create or abate risks. That means constantly communicating the basics of digital hygiene, possibly engaging a service that focuses on raising user awareness of cyber mischief, along with vigilant monitoring for telltale signs of a security breach. Among the best practices for users:
- Keep business and personal email and other work accounts separate.
- Require the use of multi-factor authentication and ensure such policies are continuously enforced.
- Make sure users know what to do if a device is lost, stolen or compromised.
- Keep processes as simple as possible; when they get complicated, they get ignored.
- Equip IT and security teams with tools for continuous monitoring across multiple SaaS environments.
Of course, there are likely to be other features about the emerging ‘new normal’ that touch in one way or another on the digital lives of organizations, their employees, and the people they serve. For example, one commentator in Forbes argued that adopting and then complying with a new international cybersecurity regulatory framework – a regimen similar to GDPR or HIPPA – would be timely. Whether the political and economic support for such a regimen will materialize in the U.S. is an open question. But with or without one, the pandemic has given the need to create a secure and resilient digital ecosphere of technology, processes, and people, greater urgency than ever before.
About the Author
Brendan is a 20 year veteran of the security industry. Prior to founding AppOmni, he was Security CTO at ServiceNow. Before joining ServiceNow, Brendan spent 10 years at Salesforce where he led Salesforce’s global information security organization as CSO. Prior to his role as CSO, Brendan was VP Product Security at Salesforce. Brendan has also worked in the Financial Services and Communications sectors. His past experience includes work as a vulnerability researcher, security engineer, and privacy advocate. He is passionate about securing the technology that connects the world.
Brendan can be reached on Twitter at @AppOmniSecurity and at our company website https://appomni.com/.