Zero Trust in the “Anything but Normal” Environment

A Key to Enhancing Cybersecurity & Teleworking In the Pandemic

By Thomas K. Billington

The outbreak of COVID-19 has forced us into full teleworking mode, virtually overnight. But what does that mean for the security of employees, customers, data, and business systems? Security leaders discussed best practices in keeping employees, customers, data, and business systems secure during the Billington Cyber Virtual Roundtable on April 15th.

Following the health and economic crisis, companies are now being forced to implement zero-trust principles at a rapid rate. “There’s no time to think it through,” said Wendy Nather, Head of Advisory CISOs at Cisco’s Duo Security, during the call. “We don’t know when this will be over,” meaning that businesses should implement their zero trust principals with the anticipation of those policies being permanent.

You can now see the article about this summit at Zero Trust Isn’t a Temporary Band-Aid for Remote Security.

During the roundtable, John “Four” Flynn, chief information security officer at UBER, said that the recovery timeline for COVID-19 might be W-shaped—meaning that employees will be transitioning between working from home and in an office. “We’re looking at something that’s anything but normal,” said Flynn. Companies need to prepare for these uncertain movements. 

Greg Touhill, the first U.S. CISO and the current President of AppGate Federal Group, agreed that there’s a broader shift happening and businesses may never go back to the way they operated pre-COVID. “BYOD [bring your own device] is now the reality and will continue to be in the future, because I don’t think we’re going back to that type of work environment that we used to be in,” said Touhill. 

Security leaders touched upon these tactics and more during the virtual roundtable.

  1. Adopt a Zero Trust Policy
  2. Go back to cyber hygiene – enable 2-factor authentication
  3. Know all the devices your employees and contractors use to connect with your company or organization
  4. Consider physical threats while offices unoccupied
  5. Keep communicating regularly to colleagues at all levels of your organization, reminding them of protocols and alerting them to new threats

Stay up to date with the latest on teleworking cybersecurity during COVID-19 by following @BillingtonCyber and #BillingtonVirtual on Twitter.