
3 Hurdles CISOs Face Securing Virtual Office Environments


In these unprecedented times, CISOs face many hurdles in securing virtual office environments. Indeed, in some organizations, virtual environments did not exist previously, or were minimal at best. With so many employees working from home, there is less visibility into employees' surroundings, and sensitive information is therefore at higher risk of exposure. So what can a CISO do to navigate and promote a more secure virtual office environment? Here are three of the top risks and remediation strategies for CISOs today:

1. Increased Social Engineering Attacks

From hypothetical COVID-19 treatments, to stimulus checks, to a variety of insurance offerings, cybercriminals are using social engineering attacks to victimize the unwary and gain sensitive information. These commonly manifest as phishing or spoofing attacks. Accordingly, CISOs should remind their organization's employees to be cautious when receiving and responding to emails, texts, instant messages, phone calls, or other communications.

Send teams simple tips and strategies promoting best practices while working in a virtual office, such as:

  • Be doubly sure of the authenticity of any unsolicited communication
  • Check before clicking on unfamiliar links by hovering over them and verifying the address
  • Be cautious of unknown attachments
  • Double-check message headers and IP addresses
  • Remember that executive-level positions with financial control are the most frequently targeted and/or impersonated

2. Relaxed Home/Work Environments

With the lack of a dedicated office workstation, employees are likely to improvise and use personal devices such as smartphones, laptops, and printers. Therefore, a policy regarding the use of corporate devices versus personal devices should be defined and communicated to all employees. This should include:

  • Multi-factor authentication (MFA) to provide an additional layer of security based on a combination of knowledge, possession, and inherence (i.e. something you know, something you have, something you are).
  • Situational awareness
    • Splitting focus between life and work in the same location can lead to lax security practices within the home. Children and pets love technology.
    • Be cognizant of possible workarounds and shadow IT within a home work environment where attackers could gain access.
  • Patches and updates to address security vulnerabilities and ensure that devices are protected against known threats.
  • The enabling of firewalls and antivirus programs to block malicious traffic and malware.

3. Unsecured Personal Network Technology (WiFi)

Employees may not have the proper protection on their home networks. Therefore, work with employees to help create a more secure environment and understand the various use cases. Make sure employees have appropriate connections and controls. Some strategies are to:

  • Change default network passwords
  • Use strong authentication mechanisms, such as passphrases
  • Employ a VPN, preferably a corporate VPN, or a virtual secure hosted environment.

By implementing a strategy to secure the virtual office environment, CISOs will help both organizations and their employees stay safe and stay secure.

For a more detailed list of actions CISOs can take during this ongoing health emergency, including relevant CIS Controls, download the CIS Resource Guide for Cybersecurity During the COVID-19 Pandemic.