How the pandemic is affecting cybersecurity

Even before the pandemic, businesses had begun to put in place elements to manage distributed employees, such as corporate remote desktop or virtual private networking (VPN) capabilities. This, however, was not done on the scale or at the rate required to manage the disruption caused by COVID-19.

Companies were suddenly confronted with an influx of connectivity challenges that they needed to overcome in order for their employees to remain productive. Furthermore, support teams were now responsible for managing access to critical systems, which were primarily hosted on-premises within the relative safety of their own corporate network. In many cases, this necessitated the implementation of additional VPN licenses in order to manage these additional external connections through their own firewalls.

The security elephant

However, this raised serious security concerns. A VPN does not offer any form of security. It is simply a connection to the firewall through which users can authenticate themselves. However, many employees were reliant on their personal devices to work during the lockdown. Businesses then had to consider how to secure these personal endpoints that would eventually be accessing their corporate networks via VPNs. This added to the complexity and security challenges.

Without proper endpoint protection (beyond relying on an anti-virus solution), the organization remained vulnerable.

This is where a hardened endpoint protection solution that installs a small firewall on every employee’s device in accordance with the company’s security policy comes in handy. Such devices notify the IT team if an infection has occurred while attempting to prevent it from spreading across the network regardless of the user’s geographic location.

Zero Trust

All of these challenges have invariably prompted businesses to consider additional security hardening measures, such as moving toward Zero Trust. This boils down to not automatically trusting any device or user. While this is significantly more secure for any organization, it is critical to ensure that all third-party software, such as ERP and CRM, is technically compatible with these tools.

It’s been a delicate balancing act between Zero Trust and reducing the complexity faced by end users who aren’t always in the office. The ability of teams to collaborate while working remotely was also taken into account. One of the defining technological moments of the last two years has been the emergence of Microsoft Teams to address this.

The ability to share data and communicate more seamlessly with people in the organization from a centralized environment has significantly accelerated the adoption of Microsoft Teams.

Keeping everything safe

In this digitally driven world, Microsoft has been influential in driving the agenda around security. Multi-factor authentication should be prioritized by businesses (MFA). This has become the foundation for all user authentication and the foundation for proper digital security.

MFA allows businesses to identify users by adding an extra layer of security that requires the user to verify themselves in addition to their traditional username and password. This is accomplished through the use of a one-time pin sent to their mobile phone or the Microsoft Authenticator application. This ensures that the person behind the screen has the authority to access the data.

This authentication provides the company with an additional guarantee that the user has been correctly identified and can thus be managed more effectively. As a result, if a device and/or their username and password have been compromised, the additional MFA will ensure that an unauthorised user cannot access the company’s network.