Why your company security policy needs a COVID overhaul

In the wake of the COVID-19 lockdown, it is becoming evident that working remotely will remain a permanent feature of the business landscape. With this in mind, consider the fact that your enterprise is more exposed to security threats than ever before, so it is imperative that the right measures are in place to protect sensitive information. And here’s the good news. Being secure doesn’t have to come at a great cost, but instead rests heavily on putting in place the right foundations.

While it’s easy to get caught in the doom and gloom caused by the coronavirus, we find ourselves incredibly well equipped with laptops, mobile phones, internet and of course cloud computing. This has enabled a rapid pivot to ‘work from home’ for most companies, maintaining productivity even in the most extenuating circumstances.

But the ‘other’ viruses, as we know, haven’t stood still. While estimates vary, up to 350,000 new pieces of malware are created every day. Far from pranks, malware today most often seeks to disrupt and extract payment either through ransomware or a wide range of trickery involving social engineering. Should your company suffer a breach, there’s the spectre of lost productivity, anxiety, and reputational damage, adding to potential financial consequences.

When you bring together a highly developed threat environment and the new reality of working from home, the simple fact is that you are now more exposed. There are more attack surfaces as your enterprise extends into the homes of staff members (and wherever else they might choose to work). Laptops, mobile phones, and tablets are a window into your affairs – and should any of these devices fall into the wrong hands, the window should be thoroughly barred.

And of course, there is ample technology to make it so.

Start with people, policy, and process

But while it is tempting to think of information security as primarily a technology issue, it is first and foremost a people problem (we call it the Human Firewall) with more than half of local security breaches caused by human error. It’s also a process issue. And both those legs need the support of a third, which is where technology comes into the picture (read more at Forbes).

When it comes to people, everyone in your organisation has a role to play. The chain really is only as strong as the weakest link, so you must activate your Human Firewall by providing every staff member with security awareness training, with regular follow-ups or refreshers highly advisable.

It should also go without saying that security awareness must revolve around your company security policy. Don’t have one? Get started with a free guideline from CERT. If you do have a policy, now is the time for an update, reflecting new ways of working which may last well into the future. The same applies to employment policies, of which security is generally a subset.

Here’s a useful tip, too. When designing your company security policy, don’t merely stick to the ‘what’ people are expected to do; go into the ‘why’. This provides context for the reasoning behind the procedures and processes. When people know why they are expected to perform an action, they are more likely to be on board.

Targeted technology support

In terms of technology, there are at least two relatively simple measures you can take to ensure every window into your enterprise is fitted with impenetrable burglar bars. A Virtual Private Network (VPN) provides convenient and secure access to company data and applications; VPNs don’t cost much but provide a practically impenetrable ‘tunnel’ which safeguards your data.

Then there’s Multifactor Authentication, or MFA, generally implemented as Two-Factor Authentication (2FA). This combines two methods for logging people into your networks and applications. The first factor is the standard username and password. The second generally uses the mobile phone, to which a text containing a code is sent. It takes both factors before anyone is let in, providing a further layer of security most consider about as close to bulletproof as you can get.

Again, both these measures can be introduced rapidly and don’t cost a bomb.

But remember, these are only supporting measures for a sound security posture, which must start with people and policy. As we’re all likely to maintain social distancing and work from home as much as possible into the future, now is the perfect time to review your policies (including your company security policy), and update as necessary.

Philip Adamson, Managing Director, Outsource IT
