The abrupt shift to remote work at the start of the COVID-19 pandemic left IT teams scrambling to arm workers with the right equipment, while rushing to address cyber security risks. As companies settle in for longer-term remote strategies, it’s important to seal up any potential vulnerabilities in your cyber security strategy.
Many companies take the approach that as long as the big areas are covered, a few minor gaps won’t cause major problems, but malicious actors are looking for exactly those types of gaps. Here are the strategies and best practices you need to put in place to protect your organization and address cyber security risks:
Implement Zero Trust: The zero-trust security model is the opposite of traditional approaches, which assume that everything that resides behind the corporate firewall is safe. Instead, zero trust assumes that a breach is always a potential event and verifies each request as if it has arrived from an unsecured network.
Under zero trust, the security policy is to authenticate and authorize each request for access. This makes it easier for you to detect and respond to any unusual behaviors. It is often paired with a strategy that applies the least privileged access for each user to reduce risk.
Recognize Employee-Related Threats: A report by IBM found that 60% of cyber attacks originated with an insider, either by mistake or intention. Your employees will make mistakes by opening a phishing email, visiting a malicious site, or using a compromised device. That’s before you even consider the employees that are deliberately compromising your security. Here are a few steps to reduce this threat:
- Utilize a policy that assigns least-necessary privilege. Limit your employees to the access they need for their job role, and limit what can be accessed from a personal device. Provide the right identity-based access and allow remote access if it is necessary, but also put authentication steps in place for critical data.
- Monitor and address unsecured devices. The risk of a stolen or lost device is one concern, but there’s also the risk of employees using an unsecured WiFi network. Prioritize installation control, update antivirus, and patch appropriately, use data wipe procedures and apply encryption for data both in rest and in transit.
- Offer training that uses the approach that cyber security is the responsibility of every employee. Help them recognize potential phishing attacks or scams, and implement a schedule that updates training often.
Ensure Third-Party Compliance: An important part of your cyber security strategy is the monitoring and management of risk associated with third-party providers. Those who have access to critical systems or sensitive data need to match the level of your policies to address cyber security risk. Common threats associated with third-party providers include the misuse of their privileges, outright data theft, and human error.
These risks can be addressed with a few steps, including establishing clear cyber security policies, limiting access through minimum-privilege policies, regular audits with ongoing monitoring, and a plan for third-party incident response.
Keep Patches up to Date: Delaying a security patch seems like a minor issue when you are addressing cyber security risks across a large organization, but patches are a critical defense against known attacks. Particularly for those workers still utilizing a home office, patching virtual private networks (VPNs), antivirus software and endpoint protection applications should be a priority for your security team.With all of the challenges of 2020 across the globe, one of the most pressing for IT teams was addressing cyber security risks. If you’re in an ongoing plan to better protect your organization, contact us at ITBroker.com. We can help you put best practices into place that offer superior protection for your devices, data, and systems.