Introduction
Remote work is a practice made possible by various technological advances in communication. Unfortunately, the same advances brought new risks for companies practicing remote working and respective challenges for their security. Consequently, this paper will first highlight the risks associated with remote working. Then, it will focus on possible cybersecurity measures to protect companies’ data, using the NIST Cybersecurity Framework to exemplify cybersecurity’s role in remote working.
Discussion
Allowing remote access to the company’s data and systems is essential in remote working. However, the remote working practice creates numerous compelling opportunities for cybercriminals. Firstly, many employees use less protected personal devices to remotely access the server or directly download company files in their private Wi-Fi networks (Škiljić, 2020). Secondly, remote work implies weaker control over a human factor due to so-called “home- distractions” (Škiljić, 2020). Finally, implementing cloud technologies to support the remote workforce creates additional security risks as it divides the security control between companies and cloud providers.
Cyber threats have become even more concerning in the face of the recent pandemic. Due to the need to maintain social isolation, many companies had to urgently implement remote working practices. In this context, the NIST Cybersecurity Framework (CF) can serve as a reliable guide for a cybersecurity system establishment (Gordon et al., 2020). According to Weil & Murugesan (2020), this framework represents “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks” (p. 5). It consists of five primary domains: Identify, Protect, Detect, Respond, and Recover (NIST, 2018). They provide a high-level strategic overview of an organization’s cybersecurity risk management lifecycle.
The first domain develops the foundation for CF’s effective and meaningful use. In particular, it focuses on the organizational understanding of cybersecurity risks, data, assets, and capabilities management (NIST, 2018). Regarding remote working, this domain would stress the difference between home and office levels of protection for employees. The second domain resembles the ability to deal with the impact of a potential cyberattack (NIST, 2018). It would include establishing antiviral and firewall protection for home devices. The third domain focuses on preemptively discovering potential cybersecurity events (NIST, 2018). In other words, it would constantly scan the home device or network for weak links or unexpected program behavior. The fourth domain is responsible for the system’s ability to contain a cybersecurity incident. For instance, it would mean undertaking swift and decisive quarantine actions regarding the detected malware (NIST, 2018). Finally, the last domain aims at a system’s timely recovery to normal operations, reducing the intrusion impact (NIST, 2018). It would follow approved resilience and capability restoration plans for home devices impaired during a cybersecurity incident.
Conclusion
Cybersecurity’s role in the practice of remote working proves to be essential to data protection. Remote work creates many opportunities for cybercriminals as it weakens the overall data protection level. In response, companies enhance their security measures according to cybersecurity frameworks, such as NIST CF. Consisting of five domains – Identify, Protect, Detect, Respond, and Recover – CF establishes and maintains control over the companies’ cybersecurity lifecycle, decreasing the chance of potential security breaches.
References
NIST. (2018). Cybersecurity framework. Web.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2020). Integrating cost–benefit analysis into the NIST Cybersecurity Framework via the Gordon–Loeb Model. Journal of Cybersecurity, 6(1), tyaa005. Web.
Škiljić, A. (2020). Cybersecurity and remote working: Croatia’s (non-) response to increased cyber threats. International Cybersecurity Law Review, 1(1), 51-61. Web.
Weil, T., & Murugesan, S. (2020). IT risk and resilience – cybersecurity response to COVID-19. IT professional, 22(3), 4-10. Web.