Looking back, no single year has altered the threat surface and security posture of organizations quite as drastically and rapidly as 2020. With the business world turned upside down, we saw working remotely go from the exception to the norm, and even a legal requirement for many during the shutdowns and stay-at-home orders experienced worldwide. For some organizations the transition was simple; for most it was a herculean effort for their IT teams and a rapid shift that they weren’t prepared for.
In Dell Technologies’ 2020 Digital Transformation Index research conducted by Vanson Bourne, the findings show that security concerns continue to be a top barrier for enterprises. Compounding those concerns, according to recent research from the Cyber Risk Alliance and Proofpoint, over three quarters (76%) of IT leaders saw an increased cyber risk exposure to their organizations due to employees working remotely, yet 54% of those surveyed said they expect to have a permanent work-from-home workforce six months from now. The risks may be higher, but for many the trend is here to stay.
While the focus in the first half of 2020 may have been on quickly enabling remote workers, as we see the situation becoming more permanent in 2021, the priority is now shifting to ensuring that security policies and defenses are shored up to protect organizations from threats designed to exploit remote working. In this blog, I share important tips both for organizations looking to adapt their security to this new normal and for remote employees looking to stay safe while working remotely.
Steps Organizations Can Take to Improve IT Security
1. Protect your endpoints
Organizations’ first priority should be securing all employee devices. This means first and foremost gaining visibility and awareness over all the devices being used, ensuring they have all the necessary security controls in place and are continually maintained with the latest patches and software updates. Some of the key controls include multi-factor authentication, data encryption, anti-malware, firewall and data leakage prevention.
2. User awareness and education
When users are working outside the walls of your secure physical environment, they become targets and their actions can mean the difference between a normal day and a cybersecurity disaster. Cultural changes take time to become routine, and they require new teaching and learning. Organizations should conduct regular training and awareness programs informing users about how to spot and respond to threats and also how to better secure their home networks.
3. Bolster incident response capabilities
When employees and their devices aren’t all under one roof, responding quickly and effectively to a security incident can be more complicated. It is critical that initial IT issues do not spread and lead to widespread damage or loss of data. The remote working model means that IT teams should put contingency plans in place to make sure infected devices are addressed immediately. From a cloud and multicloud perspective, organizations need to gain ‘single pane of glass’ visibility over all their cloud environments, identify any gaps or inconsistencies in settings or policies before disaster strikes, and have a plan in place to keep any cloud-borne incidents contained. A step-by-step playbook with frequent incident response training for all the stakeholders is key to effective incident response preparedness.
Steps Remote Workers Can Take at Home
1. Recognize your risks and your responsibilities
It’s easy for cybersecurity to fall down the list of priorities when you’re heads-down on a big project or juggling a busy schedule. Cybercriminals know this and that’s why 90 percent of corporate data breaches in the cloud happen due to social engineering attacks which target employees (Kaspersky Lab, 2019). With attacks such as email phishing, just one thoughtless click on a harmless-looking link can mean disaster for your company. When you’re working remotely, take time to engage with your company’s cybersecurity training programs and think twice before clicking on questionable links or opening unexpected attachments.
2. Protect your own network
When you’re working from home, your router is your connection point not only to the outside world of the internet, but also to your organization’s corporate network. Make sure that your WiFi connection is using the strongest level of encryption, usually called WPA, and be sure to change any default administrator passwords. It’s also a good idea to perform some degree of network segmentation by connecting any Internet of Things devices, like smart lights, speakers or appliances, to a separate network on your router. That way, any external threats won’t find their way in to compromise your organization’s network.
3. Keep it strictly business
One of the simplest yet most powerful behavioral changes you can make to bolster your cybersecurity is keeping your personal digital life and your work digital life separate. Even things as basic as checking your personal emails on a corporate device can introduce all kinds of new external threats to the business. Limit any personal use to your own devices, and refrain from letting family members use your corporate-owned device.
The Silver Lining of 2020 – Better Security Awareness
2020 has certainly been a learning experience for everyone, and when it comes to security, it has forced many organizations to re-think their entire strategy and their understanding of where the risks truly lie. Whether we’re talking on-premises data centers, private cloud or multicloud environments, the number one exploit used by cybercriminals is the path of least resistance: people. You need to consider that your security perimeter is no longer a corporate network fortress: it is wherever your employees are or, in the case of cloud computing, wherever your data resides. If there’s a silver lining from this past year, it is that those businesses that were slow to adapt to the new cybersecurity model have now realized the importance of a proactive rather than reactive approach to security, and they will go into 2021 stronger and more secure than in 2020.
A comprehensive security strategy with clear visibility across your entire IT landscape is the cornerstone for building trust and transparency in the cloud. At Virtustream, we’re dedicated to providing our customers with the highest levels of security and compliance to protect your enterprise in the cloud. Find out more here: https://www.virtustream.com/trust-center/security