JULY 27, 2020
- More employees are working from home than ever before due to the coronavirus.
- Security chiefs from McLaren, Revolut, and Facebook explained what they’re doing to keep their companies safe during the lockdown.
- Measures range from using privacy screens to extra vetting on new staff.
Companies have spent years figuring out how they can protect their staff from hackers when they come to work. It’s a tricky task and hackers are always coming up with new ways to penetrate defenses.
The job has only gotten harder as a result of the ongoing coronavirus pandemic, which is forcing companies to adapt and come up with new security measures.
More staff are working from home than ever before. Some companies have told employees they won’t be returning to the office until next year, while others like Twitter have told staff they can work from home forever if they want to. But WFH’ing presents a whole new set of challenges for businesses looking to keep their workforces and their company secrets safe.
“As people moved to working from home, many adopted insecure practices that will eventually be exploited,” Blackberry Chief Technology Officer Charles Egan told CNBC.
Egan said the “attack surface” increases dramatically when company activity moves into remote locations. He added that there are “many more eyes exposed to sensitive data” and the “controls available to companies are limited.”
Some companies have already been caught out during the pandemic.
Last Week, hackers targeted the Twitter accounts of 130 high-profile people including Tesla CEO Elon Musk, Amazon boss Jeff Bezos, Microsoft founder Bill Gates, U.S. presidential candidate Joe Biden and former President Barack Obama, as well as the corporate accounts of Apple and Uber.
Meanwhile, budget European airline easyJet said in May that a “highly sophisticated cyber-attack” affected approximately 9 million customers.
Racing the adversaries
In order to facilitate remote working, McLaren Group, best known for Formula 1 racing and supercars, has embraced Microsoft Teams and several other cloud services.
Karen McElhatton, Group CIO at McLaren, told CNBC that traditional security — creating rules for what the workforce are allowed to do and blocking anything out of the ordinary — gets “thrown out of the window during extreme events like these,” and that can leave companies vulnerable.
McLaren has been using artificial intelligence-powered software from U.K. cyber firm Darktrace to protect itself from hackers.
“Darktrace’s AI is not trained on historical data — it works on live data in real-time, learning and evolving with McLaren as we transitioned to remote working,” said McElhatton.
“But crucially, AI is very good at handling uncertainty and change — it learns what is normal and then relearns it, and relearns — so it is constantly re-evaluating its assumptions. So, as we transition again and have a more dynamic workforce than ever before, AI is keeping up with this fast changing environment.”
Philip Edwards, the global head of security at fintech app Revolut, told CNBC that business continuity plans have been put into place at Revolut in case key members of staff lose their internet connection at home.
Revolut has also “tightened” its background checking on new employees and introduced measures to monitor new hires that must now be onboarded remotely.
Staff at Revolut are also being urged to be extra cautious and use privacy screens when working from home or in public areas where “unknowns” exist.
Some companies say they have had to make very few changes.
Facebook Security Engineering Director Chris Bream told CNBC that Facebook’s systems have been built to operate in a “zero-trust network environment globally.”
He added: “This corporate security model allows our teams to work from home securely no matter where they are, so physical boundaries don’t matter as much for security.”