Clear strategy and good communication is important

Security is a bit of a mixed bag for companies, now with the entire work from home situation. We reached out to Candid Wüest, VP of Cyber Protection Research at Acronis to ask about their company and policies surrounding how they had to tackle security issues in a hurry. 

What are the security issues that you had to address in a hurry when the pandemic hit the economy?
Fortunately, Acronis already had a global workforce that was used to working from home. But we heard from partner organizations that struggled with rolling out securely configured laptops to all their employees. To start with, they didn’t have enough hardware and were not able to get all devices delivered in time. In addition to this they found it difficult to configure them to ensure they could easily be used securely from home with minimal IT support.

How were you able to do this?
Having a clear strategy and good communication of the new policy was important. Reminding all employees how to handle sensitive data, where to store, what to install and which apps to use. Also, a refresher in email security awareness was important, as we had anticipated the surge in phishing emails making use of the COVID-19 fear.

With the onset of the pandemic and an increase in the use of user-owned devices what security policies did you have to implement?
We revisited and improved the policies for remote work and the audit plan for exposed services such as RDP and VPN. This includes a clear toolset for productivities with a securely configured video conference, a centrally managed and IT approved file sharing and collaboration platform, data privacy management and an adjusted backup plan for the remote workers that takes the limited bandwidth into account.

In a recent survey we conducted only 53% of global remote workers said that they received clear communication after having switched to working from home.

In addition to this, was there any specific training that needed to be conducted? How successful or efficient was this?
As a cyber-protection company, we know that cyber criminals exploit big news events such as the pandemic and misuse the fear of the users in order to attack them. We therefore performed a security awareness refresher for the employees and partners, to reiterate on the current most active threats such as targeted ransomware, phishing attacks or the risk of data breaches. But of course we also know that there will always be some users that click on the attachment no matter how much you train them, hence good technical controls need to be in places as well.

Have you seen any tangible security issues because of this pandemic? How did you counter them?
I do not recall any tangible security impact that occurred. But of course we have seen some IT departments struggle, as they were not allowed into the physical data centers and were not able to repatch connections or swap out defect hardware. We were fortunate to have been well prepared to tackle the situation.