The novel coronavirus pandemic has forced millions of employees across the globe to work from home. ‘Work from Home’ not only helps to contain the spread of the virus but enables businesses to maintain continuity of critical business operations. How do you see the role of technology in enabling remote working for businesses? 

With the extension of the lockdown to ensure the safety of our people, Microsoft’s top concern continues to be the well-being of its employees and supporting customers and communities in dealing with the impact of the COVID-19 outbreak.

We believe that technology has a crucial role to play in accelerating progress for solutions to the pandemic. Please refer to the blog written by Rajiv Sodhi which elaborates on maintaining business continuity. Further, you may also refer to Satya Nadella’s blog on Coming together to combat COVID-19 to know more about Microsoft’s view on the role of technology in the era of COVID-19.   

For further details, please see the following blogs:

• Making it easier for your remote workforce to securely access all the apps they need, from anywhere
• Enhancing VPN performance to enable remote work

The work from home culture while crucial during extremely critical situations of this type, also leaves businesses, particularly SMEs and SMBs that do not invest much towards cyber security vulnerable to security attacks. What do you suggest to these businesses to effectively combat cyber threats? 

Small and medium-sized businesses (SMBs have been heavily impacted post the outbreak. We are already witnessing their entrepreneurial spirit in action as restaurants have pivoted to delivery businesses, in-person services have swiftly switched to digital solutions and online retail stores have gone online overnight.

We understand that SMBs can’t afford to be out of touch. They need to continue to service existing customers, pitch for new business, meet employees and do whatever it takes to keep their company running. That’s why we’re making Microsoft Teams available for everyone, even organizations that don’t have Office 365.

While employees in this new remote work situation will be thinking about how to stay in touch with colleagues and coworkers using chat applications, shared documents, and replacing planned meetings with conference calls, they may not be thinking about cyberattacks. CISOs and admins need to look urgently at new scenarios and new threat vectors as their organizations become a distributed organization overnight, with less time to make detailed plans or run pilots.

As a leader in security, Microsoft processes more than 8 trillion security signals every day and uses them to protect you from security threats proactively. In Teams, we encrypt data in transit and at rest, storing your data in our secure network of datacenters and using Secure Real-time Transport Protocol (SRTP) for video, audio, and desktop sharing.

The single best thing all enterprises can do to improve security for employees working from home is to turn on multi-factor authentication (MFA): Employ MFA for all of the employees all of the time. It is crucial to remember that this works best if they also block legacy authentication protocols that allow users to bypass MFA requirements. If enterprises are unable to distribute hardware security devices, they can also use Windows Hello biometrics and smartphone authentication apps like Microsoft Authenticator.

While many employees have work laptops they use at home, organizations will likely see an increase in the use of personal devices accessing company data. Using Azure AD Conditional Access and Microsoft Intune app protection policies together helps manage and secure corporate data in approved apps on these own devices so that employees can remain productive.

For further details, please see the following blogs:

• Helping small and medium-sized businesses work remotely with Teams
• Work remotely, stay secure – tips for CISOs
• Top 12 tasks for security teams to support working from home

Maintaining data security is one of the major issues that businesses face when their employees are working home. Hence, monitoring of employees working from remote locations can help businesses ensure data security to a great extent. How can technology help them in terms of remote monitoring of employees? 

At Microsoft, privacy and security are never an afterthought. It is our commitment to our customers, not only during this challenging time, but always. Here are our privacy commitments in Microsoft Teams:

• We provide privacy and security controls for video conferences in Teams
• We safeguard our customers’ privacy by design
  • We never use Teams data to suggest ads to our customers
  • We do not track participant attention or multi-tasking in Teams meetings
  • Our customers’ data is deleted after the termination or expiration of their subscription
  • We take strong measures to ensure access to our customers’ data is restricted and carefully define requirements for responding to government requests for data
  • Our customers can access their data at any time and for any reason
  • We offer regular transparency reports on the Transparency Hub, detailing how we have responded to third-party requests for data
• We protect our customers’ identity and account information
• We protect our customers’ data and defend against cybersecurity threats
• We meet more than 90 regulatory and industry standards.

For cybersecurity, we’re using our AI and human intelligence capabilities to stop attacks designed to take advantage of the angst caused by the virus. For example, as part of a recent spear-phishing campaign, attackers created emails to look like legitimate supply-chain reports related to COVID-19. Office 365 Advanced Threat Protection identified and blocked the attack in transit and shared signals with the Microsoft Defender service to protect all our customers.

According to an estimate, 91 percent of cyberattacks start with an email, which either leads to malicious links directly or which contains dangerous attachments. That’s why the first line of defense is doing everything we can to block malicious emails from reaching employees in the first place. A multi-layered defense system that includes machine learning, detonation, and signal-sharing is key in our ability to find and shut down email attacks quickly.

If any of these mechanisms detect a malicious email, URL, or attachment, the message is blocked and does not make its way to the inbox. All attachments and links are detonated (opened in isolated virtual machines). Machine learning, anomaly analyzers, and heuristics are used to detect malicious behaviour. Human security analysts continuously evaluate user-submitted reports of suspicious mail to provide additional insights and train machine learning models.

As more organizations adapt to remote work options, supporting employees will require more than just providing tools and enforcing policies. There’s also the human side of all of this. Now is an excellent time to be diligent, so be clear on what official communications about business continuity and health and safety should look like and from where they should originate. Establishing a clear communications policy also helps employees recognize official messages.

Please refer to the following blogs for more information:      

• Our commitment to privacy and security in Microsoft Teams
• Work remotely, stay secure – tips for CISOs
• Best practices for maintaining cybersecurity for your new remote workforce
• Protecting against coronavirus themed phishing attacks
• Making it easier for your remote workforce to securely access all the apps they need, from anywhere
• For IT professionals: Privacy and security in Microsoft Teams