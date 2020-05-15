With the current global pandemic, for many of us, our home has become the new office and this new reality is changing the security landscape.

New devices are connecting to high-value assets in the enterprise from home, and you are not alone on your home network. Our gaming computers, IP cameras and family are all one step away from enterprise infrastructure. Working from home is not a new thing, but the urgency and scale of working from home during this particular time are unprecedented.

Handling this new challenge requires special considerations because security is never additive. Every new solution brings new vulnerabilities, including the security solutions themselves. For instance, a new virtual private network (VPN) service for WFH employees can be a new attack surface if it does not provide multifactor authentication (MFA).

Enterprises should consider adopting Zero Trust principles so the work location doesn’t impact security. The three steps to consider implementing are as follows:

Enterprises should help employees set up cyber hygiene at home so that every outgoing connection is protected and examined.

at home so that every outgoing connection is protected and examined. Every authentication should be verified and audited if enterprise assets are involved, including accessing VPN service, online collaboration tools, cloud storage, source code management systems, etc. Essentially, organizations should ensure that the right asset is accessed by the right user under the right conditions.

under the right conditions. Enterprises need to gain visibility and control over company assets, including home office devices, so they can detect unusual behavior and take corrective actions .

Humankind has gone through pandemics in the past, and I am pretty certain that we will get through this as well. However, what is different from pandemics of the past is the sudden shift to a digital economy and how fast we transitioned to remote work. Adversaries are looking to use this trend to their advantage with a variety of malicious attack scenarios that aim at individuals, commerce and public sector entities alike.

From an organizational perspective, it gives us an opportunity to take a step back and look at the security posture for this new normal that we will embrace from here. We should make it more adaptable to not just the threats of today, but also for the bigger challenges of tomorrow. We have threat activity data to help us keep making informed decisions.

