Some important things to keep in mind these days:

1. Attackers are taking advantage of millions of additional points of remote access any way they can: more scanning, more phishing, more brute forcing.

2. Many orgs who can’t afford remote access software are putting in the cheapest and easiest they can find, which will make it easier for #1 above.

3. Many orgs will assume this is a temporary situation so they can cut corners. It’s not, and they shouldn’t. No matter what happens, we will have more teleworking in the future than ever before. We need to build the infrastructure to last.

4. With work life and personal life so completely blurred at home, employees will rightfully worry about employers’ control measures encroaching on their privacy. We have to re-examine and re-negotiate norms.

5. Some risk assumptions have to be re-examined as well. For example, a shared biometric fingerprint sensor isn’t as safe a factor any more as an individual phone or hardware token.

6. Authentication, onboarding, offboarding, and authorization workflows that assumed physical proximity all need to be re-engineered.