Work From Home
Technology trends already had security professionals working on how to build defenses for an environment that was no longer inside a perimeter wall. The necessity of WFH has brought more attention to this need. Other consequences of WFH include:
- Mistakes were made in the haze of the initial move to WFH (e.g., unpatched appliances were plugged into networks, and there were fewer eyes on glass for monitoring).
- Gaps in mobile device management (MDM) were exposed (e.g., organizations discovered that former employees still had company data on personal devices enrolled in a BYOD program).
- Taking eyes off the ball – financial impact, personnel availability, new priorities, and other issues forced organizations to make tough choices about which items on their security road maps could still be completed.
- Delayed detection – while offices were closed or staff were not working on-site, security events were not noticed as quickly.
- Extended timelines for forensic investigations – there were numerous practical challenges, ranging from obtaining physical access to image a device to installing an EDR agent on devices that were offline.
- False unemployment claims – starting in spring 2020 and continuing throughout the year, many organizations identified fraudulent unemployment claims filed in the names of current employees (sometimes a few and sometimes hundreds, often including executives).
- Ransomware impact – the combination of WFH distraction from security and the practical difficulty of investigating incidents and restoring systems led more victims to pay, which in turn drove a surge in ransomware events and higher ransom demands in the summer and fall of 2020.
Avoid organizational information governance practices that don’t work in the “real world.” Real-world problems include:
- Storing sensitive information longer than necessary and in locations not protected or managed by IT security (including external devices, file shares, and cloud services) – expanding the attack surface and creating opportunities to access information that should no longer exist in the first place.
- Inability to monitor and detect accidental exposure or insider theft of sensitive data.
- Confounding employee use of information – necessary diagrams go missing, or multiple versions of the same document cause confusion and inefficiency (or worse!).
- Being unable to demonstrate consistent, documented practices during internal or third-party audits.
- Multiplying costs during eDiscovery responses to litigation and regulatory investigations.
Consider taking discrete steps that offer outsize effects:
- Execute a brief, focused information governance policy (e.g., “Manage Information Responsibly”).
- Confirm a records retention schedule with defensible practices.
- Automate the application of the records retention schedule against file locations according to information type and retention period.
- Delete responsibly, and repeatedly: delete what has expired; move what must be kept to managed storage; delete again; consolidate and remediate what remains; and delete again.
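As an added example (not code from the original page or from any vendor), the following Python sketch shows one way to automate the retention step above: a schedule maps information types to retention periods, file locations are classified by path prefix, and each file is sorted into retain / delete / hold / review buckets by age. The schedule, the path-to-type rules, and the sample file records are all hypothetical. It goes slightly beyond the bullet by also handling the two cases a practitioner needs before anything is deleted: files under legal hold, and files in unmanaged locations that the schedule cannot classify (those are flagged for review rather than guessed at).

```python
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

DAY = 86400  # seconds

# Hypothetical retention schedule: information type -> retention period in days.
# In practice this comes from the records program, not from the script.
RETENTION_DAYS: Dict[str, int] = {
    "hr-personnel": 7 * 365,
    "finance": 7 * 365,
    "project-working-files": 3 * 365,
    "scratch": 90,
}

# Hypothetical location rules: first matching path prefix wins.
LOCATION_RULES = [
    ("shares/hr/", "hr-personnel"),
    ("shares/finance/", "finance"),
    ("shares/projects/", "project-working-files"),
    ("shares/scratch/", "scratch"),
]


@dataclass(frozen=True)
class FileRecord:
    path: str          # path relative to the scanned root
    mtime: float       # last-modified time, seconds since the epoch
    legal_hold: bool = False


@dataclass(frozen=True)
class Decision:
    path: str
    info_type: Optional[str]
    action: str        # "retain" | "delete" | "hold" | "review"
    age_days: int


def classify(path: str) -> Optional[str]:
    """Map a relative path to an information type, or None if unmanaged."""
    norm = path.replace("\\", "/")
    for prefix, info_type in LOCATION_RULES:
        if norm.startswith(prefix):
            return info_type
    return None


def decide(record: FileRecord, now: float) -> Decision:
    """Apply the schedule to one file; never delete what is held or unclassified."""
    age_days = int((now - record.mtime) // DAY)
    info_type = classify(record.path)
    if record.legal_hold:
        return Decision(record.path, info_type, "hold", age_days)
    if info_type is None:
        # Unmanaged locations are the governance problem itself: surface them.
        return Decision(record.path, info_type, "review", age_days)
    action = "delete" if age_days > RETENTION_DAYS[info_type] else "retain"
    return Decision(record.path, info_type, action, age_days)


def apply_schedule(records: Iterable[FileRecord], now: float) -> Dict[str, List[Decision]]:
    """Bucket decisions by action so the delete list can be approved as a unit."""
    buckets: Dict[str, List[Decision]] = {"retain": [], "delete": [], "hold": [], "review": []}
    for rec in records:
        d = decide(rec, now)
        buckets[d.action].append(d)
    return buckets


def scan_directory(root: str) -> List[FileRecord]:
    """Build FileRecords from a real tree; legal holds would be joined in from a hold list."""
    records = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            records.append(FileRecord(rel, os.stat(full).st_mtime))
    return records


def execute_deletes(root: str, decisions: List[Decision], dry_run: bool = True) -> List[str]:
    """Delete (or, by default, only list) the files approved for deletion."""
    removed = []
    for d in decisions:
        if d.action != "delete":
            continue
        target = os.path.join(root, d.path)
        if not dry_run:
            os.remove(target)
        removed.append(d.path)
    return removed


def demo() -> Dict[str, List[str]]:
    """Run the schedule over constructed sample records at a fixed 'now'."""
    now = 1_700_000_000.0
    sample = [  # constructed sample data, not real files
        FileRecord("shares/hr/offboarding/2012_roster.xlsx", now - 8 * 365 * DAY),
        FileRecord("shares/finance/2022/ledger.csv", now - 400 * DAY),
        FileRecord("shares/scratch/export.bin", now - 120 * DAY),
        FileRecord("shares/projects/alpha/diagram.vsdx", now - 500 * DAY, legal_hold=True),
        FileRecord("usb/exports/customers.csv", now - 10 * DAY),
    ]
    buckets = apply_schedule(sample, now)
    return {action: [d.path for d in ds] for action, ds in buckets.items()}


if __name__ == "__main__":
    for action, paths in demo().items():
        print(f"{action}: {paths}")
```

The split into `decide` and `execute_deletes` is deliberate: the decision list is what gets reviewed and logged, and deletion stays a dry run until someone approves that list, which is also the record an auditor will ask for.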