This pandemic is hitting people and businesses around the world hard. While people are still struggling to overcome the situation, some businesses have found ways forward by adopting technologies that are ahead of our time.
To overcome the global pandemic and ensure the safety of every employee, organizations have adopted work from home for their employees. Work from home has gone from being a once-in-a-while choice to being the new standard. Many companies have made it official that they will encourage employees to work from home permanently.
Companies used to secure a network-based perimeter around their office to protect their data and other IT assets. Perimeter-based defense was the most common form of security in the past: firewall-based security that trusted the perimeter and assumed everything within it is safe. A connection from an external. With time and technology, attackers proved that wrong. Organizations had to bring in security for data at rest, data in transit, internal networks, devices, and much more.
We have come a long way from there to maintaining security for remote users and devices. The increased number of remote users, BYOD, cloud, etc. made the earlier modes of security ineffective. Organizations had to grant permissions to such users and devices.
But granting permissions for such connections with implicit trust in any user weakens the company’s security posture. Some of the mistakes that can cost a company more than anything while implementing security for remote users are:
Cyber-attacks follow an upward trend, as we can see in the report made by Hackmageddon. With employees accessing official systems and files from remote networks, the organization’s attack surface has widened. Technologies today are smart. But with human interaction, the chances of new vulnerabilities are high.
Studies say that 68% of breaches took more than months to be discovered by the organizations. This emphasizes the importance of instilling cybersecurity knowledge in every employee.
Zero trust, otherwise known as perimeter-less security, is an approach to securely implementing IT systems. The main concept is to trust no device by default. The three pillars of the zero-trust model are:
Analyze the business and its risks by coordinating with the respective teams to rethink cybersecurity budgets and prioritize improving the cyber strategy and budget.
Cybersecurity is not just some rules for employees to follow. It is a culture that should be integrated into your workplace.
Ensure proper reviews are conducted periodically on the access controls, threats, and vulnerabilities across the Active Directory (AD) and systems.
Every organization was pushed to adopt the “Work from Home” method for the safety of its employees, with limited time to think about how to implement data security along with it. As a responsible employee, before clicking on any link shared from an unknown source, picture the situation you will be in if you do so.
Some of the things you can do to ensure your data security are:
Attackers have millions of commonly used passwords, which might include yours as well. Make sure you have a unique, strong password that is hard to guess, and activate MFA, which verifies that you are who you claim to be.
Make sure to install updates and patches often, not only for your system but also for your mobiles and the non-corporate devices on which you access your email and so on.
Know that an average home network is less secure than an airport, hotel, or mobile network. Never connect your official laptop to any public Wi-Fi. Keep your firmware up to date and change your passwords and default settings to secure ones. Check out the recommendations on keeping your Wi-Fi secure by TP-Link and Lifehacker.
With remote working, it is widely seen that many are mixing up personal and office laptops. Avoid handing over the official laptop to any family member or friend in any situation. Even accessing social media from a business laptop might help an attacker connect the dots and fake your identity.
In a team meeting where you share your screen, ensure that all unwanted apps are closed and that nothing other than what you need to present is running in the background.
Since phishing is the most popular cyber threat, check the sender’s email address whenever you receive a new email and validate its credibility. Always access your banking profiles directly from the website, not through any links you receive, no matter who shares them.
While taking a break, lock your system for the safety of your data. Even a glimpse of what you are working on while you step away for tea or the bathroom can help someone pose a threat. This rule was a must when you were in the office, so keep following it while you are at home as well.
Following these steps will keep you safe from the most common security risks. Following these alone will not be enough, though. Keep yourself up to date with evolving cyber threats and the patches being released.
“An internet-wide scan carried out by security researchers from Rapid7 had discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol.”
Information security is no longer just the IT team’s responsibility. You should realize that you don’t have to be in an IT or security role to contribute to your company’s overall security.