With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says Jeff Greene of the National Institute of Standards and Technology, who offers risk mitigation advice.
Greene recently wrote a blog post about the challenges of securing a newly mobile and remote workforce and how cybersecurity policies that worked for CISOs within the confines of an organization's physical walls no longer apply.
"The goal of any security policy or security tool that's going to be effective is ease of use because once you start making security too much of a burden, people just won't follow it," Greene says in an interview with Information Security Media Group
Critical security steps for a remote workforce, Greene says, include revising policies for use of teleconference access codes and PINs and improving the tracking of which employees are granted access to virtual meetings as well as who has access to sensitive data.
In the interview (see audio link below photo), Greene discusses:
- The lack of basic security policies for telework at many organizations;
- What security challenges video conferencing platforms and other communications technologies pose;
- Which new threats pose the greatest risks;
- Why shadow IT is a growing concern.
Greene is the director of NIST's National Cybersecurity Center of Excellence. Previously, he was vice president of global government affairs and policy at Symantec.
Read more at: Bank Info Security