In this special edition of the Zero Hour podcast, we sat down with Aaron Pritz and Tim Sewell of Reveal Risk and talked about how companies are faring during the forced move to virtual work environments. Aaron and Tim dove into some of the unique security and compliance challenges that the digital workspace presents.
“Certain types of businesses may snap back to more of what they looked like before. But I would be surprised if there is a single company that wouldn't have had an “aha!” moment that they would apply to their steady state business.”
Reveal Risk, being a management consultancy specializing in risk, cybersecurity, and privacy, already had several of their clients across the US operating in safe and productive virtual work environments. “There were companies that have invested heavily in remote work prior, or even the flexible work spaces where you don't have defined desks,” Aaron explained.
“We've got some clients more focused on work in the office and they haven't really made a big push for remote work... They've got the most drastic change and some of the biggest learning curves to overcome.”
However, a significant number still had to deploy quick, drastic, and untested measures to adapt to the pressures of the pandemic. “We've got some clients more focused on work in the office and they haven't really made a big push for remote work,” said Aaron.
“They've got the most drastic change and some of the biggest learning curves to overcome, as they rushed to get laptops and new security setups and things like that to enable safety in work from home, as well as just rapidly standing up the needs to actually make it technically viable.”
Migrating to virtual work environments, especially in a hurried and unplanned manner, involves a lot of operational security risk management. “From an operations perspective, you've got two kinds of organizations,” Tim observed. “You've got organizations that are really comfortable extending trust, and then those that struggle to trust their employees to work remotely.”
“They leave this [video chat session] open the whole time during work, and if it shuts off, they don't get paid. But that just creates a real sense of distrust.”
Tim cites an example of a company that, as they transitioned to remote work, required employees to log in to a video chat session. They leave this open the whole time during work, “and if it shuts off, they don't get paid,” Tim explained. “That just creates a real sense of distrust. They're struggling to be productive both for technical reasons, because it's a lot of bandwidth that they're losing. Then there’s the workplace culture of ‘Nope, nobody's even looking at this feed.’”
“Even though you may not see a person for a couple, three days, there's trust that the work gets done because you can see the output.”
However, Tim also noted many modern enterprises showing more comfortability and trust with their employees in virtual work environments. “Even though you may not see a person for a couple, three days, there's trust that the work gets done because you can see the output,” he said.
Hardware issues like availability and compatibility can also pose serious compliance challenges in virtual work environments. In fact, these can create a cybersecurity gap. People end up either using their home computers or purchasing new devices from a store outright without going through the proper operational security risk management checks.
“If people are working in non-visible environments, that can increase or can cause some legal risk from that perspective.”
“I think as security practitioners, there's a lot of ways that you can do both of those things in the right way, but they do take some process and time. And time is really not what a lot of companies can afford. They'll rush to get out of the red, from a non-productive shutdown standpoint,” said Aaron.
“If people are working in non-visible environments, that can increase or can cause some legal risk from that perspective,” he added. “So lots of different risks to think about. But I think in this crisis, you've got to think about what are the most important things that you need to get right. And then stay with it as you figure out how to dial in the security as the crisis starts to subside.”
“Many businesses adapt collaboration channels to increase communication and collaboration. And when you're talking about sensitive content, that needs to be protected from unauthorized users.”
Tim remarked on how many businesses opted to adopt collaboration channels “to increase communication, to increase collaboration. And when you're talking about sensitive content, that needs to be protected from unauthorized users,” he added.
Aaron and Tim both weigh in on the idea of “returning to normal” after the forced transformation of certain enterprises.
“Certain types of businesses may snap back to more of what they looked like before. But I would be surprised if there is a single company that wouldn't have had an “aha!” moment that they would apply to their steady state business.”
“I think it's a little bit of a mixed answer,” said Aaron. “I think some of the learnings will be applicable going forward, and they'll want to keep some things in steady state and other things. Certain types of businesses may snap back to more of what they looked like before. But I would be surprised if there is a single company that wouldn't have had an “aha!” moment, or a positive silver lining through this that they wouldn't apply to their steady state business.”
“'No man crosses the same stream twice.' The second time he comes around, the man is different, and so is the stream. I think that's the situation we're going to find ourselves in.”
Tim, meanwhile, strongly believes that no one can “put the genie back in the bottle.” He cites an old proverb: 'No man crosses the same stream twice.'
“The second time he comes around, the man is different, and so is the stream,” Tim explained. “I think that's the situation we're going to find ourselves in with these new ways of working that we're discovering.”
You can listen to the podcast episode here. Or you can also check it out on Stitcher, Apple, and Spotify. The Zero Hour Podcast is the intersection of information security and business innovation. Learn from industry experts in cybersecurity, marketing, and business management. We talk about the challenges and opportunities that come with new technology. Join the conversation now!
See how SafeGuard Cyber’s digital risk protection platform discovers, protects, and mitigates cyberattacks. Reach out for a demo here.