For many years, working from home had largely been optional until the COVID-19 pandemic. What was once an aide to increasing flexibility and productivity is now a necessity to ensuring business continuity and employee health.
This rapid remote work adoption has delivered many new realities to organizations. Businesses first had to focus on equipping employees with devices so they could get back to work.
This meant rethinking the IT lifecycle by transitioning to cloud-based provisioning or virtual desktop infrastructure — or deploying new systems and expanding access methods for displaced employees.
The result had a major impact on the security perimeter — shifting it from the four walls within on-premises locations to various endpoints and changing the mechanisms by which data is controlled and security measures are implemented.
Your data is no longer safely within the four walls of your physical office space. For some, this isn’t a new concept, but many organizations are doing this at a scale they’ve never reached before.
Throughout my decades-long career in security, I’ve come across organizations that call their security posture good enough after deploying anti-virus software and a firewall, while others deploy complex and costly defense strategies. As situations change, it’s important to review and ensure that security controls are appropriately aligned with current needs.
The ISACA, an international IT governance association, surveys its global members to reveal security trends each year. The 2020 annual report showed that 32% of its respondents experienced an increase in cybersecurity attacks. The top three threat actors include cybercriminals, hackers and malicious insiders, with the top three attack types consisting of social engineering, advanced persistent threat and ransomware.
With the security perimeter extending to hundreds of insecure remote locations, it’s more important than ever to implement or reinforce good endpoint hygiene practices.
That means leveraging endpoint and user-focused solutions, such as:
Integrating these solutions into an environment might not be possible due to budget or resource limitations, so work with a security partner who can help ensure the successful adoption of the right mix of solutions.
Although critical, deploying security solutions isn’t the only way to protect your business from cyberattacks. Phishing — fraudulent attempts that try to gain information or access to your environment through email and social engineering — is a common tactic that too often works.
Phishing is an effective tool because it can easily circumnavigate your existing security measures.
A successful phishing scheme will lock your system with ransomware, or the cybercriminal will walk away with personal and financial data. The result could go beyond monetary damages and harm your reputation among customers and employees.
Prevention is best approached by training your staff on how to identify and avoid phishing attacks. You’ll want to provide security training to staff on a regular basis so that the best practices are fresh in their minds, but not so often that they drown out the information. Providing training every six to 12 months is seen as an effective cadence.
There are many solutions your business can adopt to safeguard its IT systems and data — as well as different price points and capability mixes to consider. This makes it important to work with a partner to find the best-fit solution.
As a security consultant, I work closely with clients to understand their business objectives and how IT supports those goals, so I can direct them to the best solution available. When the client effectively secures their environment while reducing complexity and management burdens, I’m successful in doing my job.
Cybercrime represents an evolving security threat, whether the data perimeter encompasses remote or on-premises locations. You need to work with a partner who can help you manage, monitor and defend against the threats that exist today and well into the future.
It’s increasingly looking like having a mix of work-from-home and on-site staff will be a norm well into the future, thanks to the many productivity and cost benefits business leaders are seeing. Therefore, it’s critical to stay up to date on the latest IT trends, especially as they relate to cybersecurity best practices.
One of the best steps you can take is to identify a trusted security partner who can help you navigate today and tomorrow’s security challenges. As we’ve learned through these times, staying vigilant and prepared is one of the best ways to ensure safety.
At Insight, we have a full-service security team that can help clients navigate the many solutions and services options available. We provide policy direction, vulnerability and penetration testing, audits, incident response, managed services and more to accomplish that aim.