- February 25, 2021
- Category Security
The ability to work anywhere was already driving cloud security trends before the pandemic hit, but remote work played a heightened role in 2020 and will continue to do so as employers maintain a hybrid approach to staffing—many will continue to work from home even once others return to the office.
That means many of the cloud security trends we’ve seen over the last year will continue for the foreseeable future, and the cloud will be part of the solution in securing proliferating endpoints.
Remote work has led to more attacks and shoring up of cloud security as endpoints proliferate. Mix in adoption of 5G networks and SD-WAN, and you’ve got a recipe for even more attack surfaces that look tempting to hackers. Cybersecurity teams need to see every endpoint connected to the network and how they impact cloud security as users connect to public services as well as those still run on-premises and some delivered by managed service providers.
Cloud security misconfigurations
As remote work remains a reality for many employees, it unfortunately means misconfigurations of cloud security will continue to pose a risk to the organization. Easily providing access to applications and data to many users and endpoints requires a robust security strategy that enables IT teams to see all the data traffic traversing the corporate network and across various cloud services. It’s critical that they understand who is responsible for securing what, as it can differ depending on the cloud service provider, while improving identity and access management and adding better cloud security controls. This should include the use of multifactor authentication to protect user credentials and help to avoid common threats such as phishing attacks.
Continued reliance on VPNs
Virtual Private Networks (VPNs) have always been an essential tool for enabling remote work, and they will continue to be necessary to enable employees to access the corporate network securely. Provisioning, maintaining, and securing them through robust encryption will continue to be a high-priority task for cybersecurity teams, as relying on consumer-grade VPNs downloaded by home users for personal devices presents too much risk to the organization.
Security awareness training
End user behaviour has always had an impact on cloud security, but as remote work continues, organizations must make sure they put time and resources into cybersecurity awareness training from the C-level on down. Every employee, including remote workers, must understand how data breaches and other security incidents, whether caused by threat actors or honest mistakes, can disrupt business operations, as well as the resulting consequences.
The answer is in the cloud
As much as remote work poses a threat to cloud security, the cloud is likely to provide the solution. The traditional network perimeter has arguably been long gone for years with the rise of the cloud, distributed and global workforces, and the Bring-Your-Own-Device (BYOD) trend that is now par for the course.
Just as many applications and data now reside in the cloud, organizations need to transition to more security being delivered via the cloud, and that includes the securing of endpoints. A cloud-delivered endpoint protection platform (EPP) will become essential for safeguarding organizations that have a large number of remote workers, even after many employees return to the office.
EPP will make it easier for you to protect any workstation regardless of location, whether it’s a desktop or laptop computer, or a smartphone or a tablet. And while this may look like yet another time-consuming and costly cybersecurity implementation that must be undertaken, it’s something an experienced managed service provider can help you to cost-effectively deploy and manage to maintain both security and availability of applications and data as remote work continues.
- February 11, 2021
- Category training
A significant trend running parallel to cloud adoption has been the increasing use of open source software, and whether your applications and data are on-premises or residing with one of the many cloud service providers, understanding open source technologies is essential.
A fall 2020 survey of 3,440 professional developers and managers conducted by O’Reilly Media and sponsored by IBM found that open source is maintaining and even increasing its influence. It’s become somewhat ubiquitous, with survey respondents expressing strong support for it in general and for specific skills in several open source technologies. For example, a whopping 94 percent view open source as being equal to or better than proprietary software.
This preference extends to their cloud providers, with 70 per cent of respondents saying they prefer one based on open source technologies. Overall, those surveyed associate open source with more job opportunities, more professional opportunities, and higher wages. Linux in particular was highlighted in the survey as being an important technology, with 95 per cent of developers citing it as important to their career, as well as containers and databases. Linux is also highlighted as a critical technology for unifying hybrid cloud environments.
Given that containers and databases are critical enabling technologies in cloud environments, it’s not surprising that open source flavours are popular, especially as they can be spooled up quickly and easily.
Open source powers the cloud
Being able to rapidly and easily spin up computing, network and storage resources is enabling cloud adoption, so it makes sense that open source would ride its coattails, as it appeals to organizations looking to be able to respond nimbly to business requirements without expensive investments in on-site, proprietary technologies that eat up the time of in-house IT staff.
Another benefit of open source noted by the O’Reilly Media survey is that vendors and cloud providers can rapidly apply updates, patches and other bug fixes, which improves overall reliability and security, while end users always have the latest and greatest applications on any device, especially mobile ones that use the cloud as their supporting backend. In the meantime, the cloud computing providers are also enjoying the same benefits of not being bogged down with licensing and administrative costs that go along with proprietary technologies.
As already mentioned, Linux is seen as a critical building block for unifying hybrid cloud environments as a common platform, and in turn, innovation in the cloud is contributing to the development of the Linux kernel, which is a collaborative process of millions of developers. Ultimately, open source technologies are what make the cloud possible.
Ensure you have open source expertise on tap
If open source is powering the cloud, and you’re at any stage of embarking on your cloud journey, then you need to think about the open source skills you have on staff as well as ensure your managed service provider is making the same investments.
The O’Reilly Media survey makes it clear that developers and their managers are fiercely loyal to open source technologies, and that other third-party cloud services are increasingly turning to them to solve technical and business problems. In addition, the collaborative nature of open source means there is a constant loop back to improving and evolving open source technologies, particularly the Linux kernel. For businesses this means there are many benefits to being aligned with open source trends and acquiring relevant skills.
For developers and other IT workers, open source represents opportunities for professional advancement and interesting projects; for businesses, it means cost savings and agility because it reduces the potential for vendor lock-in. If you want to realize the competitive advantages of open source, you need access to the right experts and skills, which not only means having those people on staff, but also accessing them through an experienced managed services provider.
Sanjeev Spolia is CEO of Supra ITS
- January 28, 2021
- Category remote work
The move to remote work nearly a year ago accelerated cloud computing trends that were already in play. With no quick return to offices expected in 2021, businesses of all sizes should plan to prioritize further cloud and Software-as-a-Service (SaaS) investments to support distributed workforces, while being mindful of six key trends.
Cloud is enabling new ways of doing business
Moving to cloud computing or SaaS offerings isn’t just about getting on the latest technology bandwagon or saving money on capital or operational expenses. The cloud enables organizations of all sizes to do business better and make employees more productive across many departments, including finance, human resources and marketing, no matter where they are located. Cloud computing and SaaS also level the playing field to allow smaller businesses to compete with large competitors.
Security is a critical differentiator
Even with all these productivity gains from cloud computing and SaaS, the move to remote work has heightened the need for robust security, so organizations need to set aside time, resources and attention for their security strategy so as to prevent breaches and disruptions that might impede any newfound productivity or cost them revenue through lost customers who lose trust.
Not everything will be in the cloud
Even as cloud computing and SaaS continue to take off to support distributed remote workforces, hybrid environments that mix on-site computing, storage, and services with public cloud offerings from vendors such as Amazon Web Services (AWS) or Microsoft Azure will become the norm, and everything will need to work together in concert, securely. Different providers will need to work together as they each get spooled up to meet the specific requirements of different lines of business within an organization.
A spring cleaning of all compute resources
Organizations will begin to realize not everything that got migrated to the cloud needed to be moved, so even as cloud computing adoption will continue to accelerate, it’s become clearer which workloads need to be in the cloud, and which ones should be winding down, including any outdated data that goes with them, to be even more efficient and get the best bang for the buck from their cloud spend.
Training across the board
Getting the most from cloud computing while keeping it secure will mean investments in training for IT staff as well as raising the cybersecurity awareness of workers across the board so as to adequately safeguard organizations as the era of remote work continues. Both cloud providers and their customers will want to make sure they’re providing both entry-level knowledge of the cloud as well as creating advanced experts as a means to enable the business.
Consolidation of cloud providers
While it’s unlikely that an organization will want to put all their eggs in one basket—not all service providers are great at everything—they will want to keep the number of cloud computing environments and SaaS applications manageable. While larger enterprises will likely give most of the budget to the big players, smaller ones will likely want to work with a local managed services provider that will prioritize their business and help them navigate all the emerging cloud computing deployment options and guide them on the necessary governance and security.
If 2020 was all about a mad scramble to support a remote workforce and iron out the kinks, then 2021 will be about looking to the future with new investment in cloud computing and SaaS offerings while building on the foundation that was put in place.
- January 14, 2021
- Category Security
It’s still open for debate as to whether remote work is here to stay for everyone, or if a year from now everyone will be back in the office. Reality is probably somewhere in between, which means IT teams must find a balance between security and keeping employees productive.
In many ways, the Covid-19 pandemic accelerated trends already in play as better connectivity and cloud computing have made it easier for workforces to be more geographically distributed. Instead of corporate satellite offices with small teams, however, we have home-based offices of one.
IT teams need to assume that there will be at least a hybrid workforce for the foreseeable future and that security for remote work will continue to be a high priority. The trick is to keep the organization secure without impeding productivity.
Hybrid workforces work odd hours
The age of remote work is more than just applying security to more endpoints accessing the corporate network. IT teams need more management tools to support remote workers while extending support hours as employees embrace less traditional schedules to accommodate their home life. Digital workers are expected to embrace “time blocking” and “time slicing” to juggle all their commitments.
IT teams will need to bolster their own remote collaboration capabilities so members can work more efficiently with each other, but also with other departments, such as human resources to onboard new staff remotely. This includes provisioning new remote workers with corporate-issued equipment or configuring their personal devices.
In addition to supporting remote work, we are likely to see a move toward “hoteling,” which is when employees book an on-site work site for a few hours or a day. These facilities must also be equipped and provisioned with connectivity and hardware, as well as maintained for cleanliness.
This hybrid workforce means IT teams must rethink how they deliver service to employees and view their relationship as a partnership that supports productivity for everyone—this includes delivering a high-quality user experience that helps employees work better without compromising security.
Productivity should not compromise security
The trend toward more remote work was always going to have security implications.
In the early days of the pandemic, the focus was getting employees productive at home. However, the price tag appears to have been a spike in malware incidents and other poor security behaviors. According to Wandera’s Cloud Security Report 2021, 52 per cent of organizations dealt with a malware incident in 2020 compared to 37 per cent in 2019.
The rise in incidents can be attributed to a more relaxed work environment for employees, who are likely using a single device for most of their online activities—personal and professional. Employees feel free to install whatever applications they want, whether it’s their device or one issued by the company. Adopting cloud-based and Software-as-a-Service (SaaS) applications also impacts security as lines of business spin up apps for their own uses without oversight by the IT department.
Keep security simple to enable employees
As much as remote work has created new threats for security, the solutions for IT teams aren’t all that different.
Regardless of where they work, security awareness training for employees continues to be a key tool for defending against threat actors. IT teams must engage regularly with users to remind them of how they should log into applications, which applications are approved by the organization, and how they should report an incident if it occurs. Employees should understand they play a role in protecting the organization and its mission-critical business information.
If IT teams are to work in partnership with users to balance remote work productivity and security, simpler is better so that any solutions implemented enable a pleasant user experience. This encourages users to follow protocols rather than bypass them because they’re seen as a barrier to getting their work done.
Sanjeev Spolia is CEO of Supra ITS
- December 29, 2020
- Category Security
Penetration testing must be proactive, but many organizations often do theirs in response to an incident. Since the worst time to learn how to fight a fire is amid an inferno, the right security partner can help create an effective program to ensure regular testing that improves cybersecurity posture.
Before you even select a security partner for network penetration testing, you should set up guidelines for what might prompt such a test—and it’s not an emergency such as a data breach. Instead, think of milestones within the organization that might require a test of your information security. Aside from compliance obligations, common examples include a new web-based application that allows employees to access data remotely, a desktop or operating system refresh, or new network access points such as routers.
All these potentially can be misconfigured and present vulnerabilities that may not be immediately obvious to internal IT teams, who already have a lot on their plate.
Get a second security opinion
A security partner with deep and extensive penetration testing capabilities has experience that enables it to poke holes in information security and find vulnerabilities their customers won’t. It’s their business to be up to speed on the misconfigurations and current threats, including those in the latest software and hardware that might allow a threat actor to steal data or take control of a system.
An outside security partner can put together a penetration testing plan that considers your infrastructure, including new switches and servers, as well as the motivations for doing the test: Is it to meet compliance objectives? Satisfy a potential customer? Meet industry standards? If you’re not sure why you’re doing penetration testing but do understand it should be part of your information security program, a partner can help you understand the benefits.
Partner for the long term
Just as not all penetration tests are created equal, neither are the security partners who perform them, so you need clear selection criteria.
Ideally, you want to partner with an organization over the long term, so you should take the time to evaluate the methods of potential service providers, as well as the skill sets of the testers they employ. Understanding your compliance requirements to guide penetration testing is a good start, but you should work with your security partner to define your goals and make sure their capabilities are in alignment with them.
You also need to be prepared for them to find problems—set your ego aside. The whole point of penetration testing is to be able to remediate problem areas and improve your overall security posture. Most of all, remember that testing shouldn’t be an occasional, scheduled, tactical activity to tick off boxes on a compliance checklist. It’s part of a broader exercise for protecting sensitive data and is a contributor to your competitive advantage—documenting and certifying your penetration testing can differentiate you in your industry and build trust and credibility with customers.
The right security partner can help you develop a penetration testing regime that’s driven by milestones in your IT environment as well as compliance requirements and critical business information that allows you to remediate threats iteratively and effectively.
- December 10, 2020
- Category Data Protection
The trick to protecting sensitive data is understanding not all business information must be protected.
Even organizations that understand the need for robust information security spend heavily on software and hardware without measuring its return on investment (ROI), only to still fail at safeguarding the most sensitive information that’s the lifeblood of their business because they failed to define what it is before applying security controls.
If you want to adequately protect your most valuable data, you must understand which business information is most critical to your bottom line.
Not all data is equal
It seems counter-intuitive, but the reason information security often fails to protect sensitive data is the mistaken belief that all information must be protected equally. Even before the pandemic and remote work became the norm, distributed workers, branch offices, mobile devices, and the evolving Internet of Things (IoT) meant organizations have had to become smarter about how they secure sensitive data. Now it’s more important than ever to make the business case for information security.
The business case isn’t a request for a bigger information security budget or more technology. Rather, it’s about identifying sensitive data, understanding its value, and being clear about what’s necessary to protect it. You need to operationalize a change in mindset that delivers ROI and protects the sensitive data that powers your business. However, it can be difficult for organizations to step back and understand what data is the most valuable when it’s growing exponentially.
One thing is for certain, however: Trying to protect every single bit of data equally isn’t cost effective.
Sensitive data must be defined to be protected
If organizations are to marshal their information security resources effectively, they must narrow their scope and define what constitutes sensitive information. While the definition can be guided by compliance and regulatory obligations, it’s just as important to figure out what data constitutes a critical asset to the business.
Just as a fleet of trucks are critical assets for a transportation company, every business today has stored information that is critical to daily operations—that’s the sensitive data that must be protected. Otherwise, there are financial repercussions in the form of lost competitive advantage and fines for non-compliance, both of which lead to lost revenue, as do settlements from litigation and damaged reputations.
While compliance obligations and privacy legislation do dictate that some information be prioritized by information security strategies, they’re just the beginning. A healthcare organization may have all its patient data effectively secured but not have all its research data protected—it’s just as valuable, as it may support a patent application or attract grant money, and has the potential to generate revenue. Personally Identifiable Information (PII) is always an obvious candidate for protection because compliance and regulatory frameworks deem it as sensitive, but intellectual property or data that’s essential to running your business is just as critical.
Treat sensitive data like a business asset
If you want to get ROI from your information security spending, you need to think differently. You must understand your data on a deeper level so you can assign a value to it. There’s plenty of information residing in your organization that won’t cripple your organization if it’s lost. But your sensitive data must be assigned appropriate valuations that will be the basis of a business case for information security spending.
Getting an ROI on your information security spending is about anticipating incidents that haven’t happened yet, much like an insurance company considers the likelihood of natural disasters. To determine sensitive data and its value, you must weigh the cost of the protections you put in place with the financial impact of any breach and its likely frequency.
The simplest approach is to categorize data in three ways: data that can be shared freely; sensitive data that can be shared with certain audiences in specific ways; and data that must remain confidential to the organization and never shared. The process of segmenting and prioritizing data enables you to apply the appropriate information security controls, so you understand the complete lifecycle of all data and adequately protect it based on the repercussions of losing it.
Treating sensitive data like a business asset enables you to make the case for information security so ROI can be effectively measured and you can protect these valuable assets as you would any other important investment.
- November 26, 2020
- Category Security
With security threats to organizations only increasing and privacy legislation continuing to evolve, penetration testing remains a critical tool for protecting sensitive data.
And as endpoints multiply thanks to an increase in remote work, there’s no airtight network perimeter, which makes it all the more difficult for organizations to safeguard sensitive data. For it to be effective, penetration testing must be done properly, and it’s more than evaluating network security. It must be viewed holistically as part of your broader information security program.
Most of all, penetration testing should be more than a box that gets ticked once or twice a year to meet compliance obligations, and it should tap the outside expertise of a partner that can put your people, processes and technology through their paces.
Endpoints raise risk
With an exceptionally high number of employees working remotely, the threats posed by endpoints to sensitive data must not be underestimated, whether it’s smartphones, laptops or IoT devices, many of which reside outside the main firewall. One of the most common mistakes is assuming that spending a lot of money on software and hardware will automatically protect sensitive data, but you must also account for human behavior.
Having newer hardware with the latest operating system can mitigate risk, but even the latest and greatest fleet of workstations will bring with them their own built-in vulnerabilities. These must be identified and managed based on how they are deployed and the cybersecurity awareness of the end user. This is especially true as more employees work from home—there are many ways to access data and applications that don’t involve hacking a network. All it takes is one poorly configured web portal to open access to a domain to threat actors so they can take complete control of infrastructure.
These same threat actors take advantage of human behavior as users fall for convincing phishing emails. They also exploit vulnerabilities in software and hardware that are often the result of a convenient feature by using botnets to scan for them even as most organizations are oblivious that they’re even at risk.
And if you think you’re not worth hacking because you’re a small organization, think again. Hackers see you as an easy target because they know you’re less likely to have the security technology, resources and best practices that larger organizations may have. The good news is that as a smaller organization you’re more nimble and agile so you can adapt and more quickly benefit from penetration testing.
Testing should be proactive
Not all penetration tests are equal, and ideally, they should be done before a breach, not after you’ve lost sensitive data.
Rather, you should identify milestones that would necessitate a test of your network security. A trigger might be a workstation refresh or major operating system update, as they can often be configured in such a way that unwittingly opens a door that can be entered by threat actors. And while compliance obligations should inspire penetration testing, it should be more often than an annual exercise to please regulatory bodies.
Because effective penetration testing takes a great deal of skill and expertise and can take time away from regular IT operations, tapping the expertise of an experienced service provider who can poke holes in your security and will find vulnerabilities goes a long way to protecting sensitive data. They’re up to speed on the misconfigurations and evolving threats that might let someone sneak in, as well as the common mistakes made when configuring enterprise networks and remote worker access.
If you want to truly protect sensitive data, take the results of any penetration testing seriously, even if it might reflect badly on your efforts today. You’ll be better off in the long run. Protecting sensitive data is an exercise in continuous learning that mitigates risk, and frequent penetration testing is a contributor to competitive advantage as it enables you to build trust and credibility with your customers while maintaining compliance.
Sanjeev Spolia is CEO of Supra ITS
- November 16, 2020
- Category remote work
If you’re still struggling to optimize remote collaboration across your now virtual organization, you’re not alone. However, it does look like it’s the new normal for the foreseeable future, so you should prioritize finding ways to improve how your team works together remotely.
There are several ways you can improve remote collaboration. Some of them involve leveraging technology, but many of them also involve managing people and understanding what they need to be successful to work from home.
- Focus on results, not hours on a timecard: If you’re used to measuring how productive people are by seeing bums in chairs, moving to remote collaboration has probably been difficult for you. Rather than measure productivity by how many hours employees are clocking, start measuring performance based on output. If the work is getting done, you’re already closer to optimizing remote collaboration.
- Create a buddy system: Some employees adapt to remote work better than others, and some struggle because they no longer have their peers to support them in the office. Consider pairing people up with someone else in a different department with relatively the same seniority so they have someone else as a sounding board to bounce ideas, concerns and frustrations off of, and ultimately find solutions via the pairing.
- Be mindful of meetings: Most meetings could have been an email, and remote work doesn’t change that. Having virtual ones might look like a way to replicate the camaraderie of the office, but meetings should still be focused and organized with a clear agenda and purpose. If there’s multiple people involved, have a facilitator to keep things on track and be sure everyone comes away clear on the next steps.
- Check in daily: While full-blown meetings should be few and far between, take advantage of remote collaboration tools such as Microsoft Teams or Slack to let everyone know what you are working on that day and your pressing priorities. This enables everyone to better understand everyone else’s pressures and even step up to help if they can. It’s also a good way to structure your day so you get what you need to get done without getting sidetracked, and it’s output focused.
- Streamline communications channels: More isn’t better, and like an overflowing email inbox, having too many alerts and notifications in a remote collaboration tool is counterproductive. Let employees set boundaries around how connected they want to be while they work so they can be productive, but also set up a single channel everyone must subscribe to so they get the company-wide information they need on a daily basis.
- Get things done and be accountable: Whether it’s a next step agreed upon in a meeting or regulator best practices, it’s important to follow through on things. Keep track of commitments in a transparent way so everyone can take responsibility for what they agree to do.
- When in doubt, over-communicate: As much as we don’t want employees to be overwhelmed by notifications, alerts and messages in remote collaboration tools, don’t assume your colleagues know what they need to know. Use your daily check-in and the channels at your disposal to communicate everything you think might be valuable, as things can fall through the cracks when you don’t have daily, in-person interactions.
Full-time remote collaboration is new for most people, so at the end of the day you need to have empathy and remember that their home office environment may be different than yours. While it’s important to focus on getting things done and accountability, it’s also helpful to cut everyone a little slack during these stressful times.
- October 29, 2020
- Category remote work
Improving security for remote workers will hopefully be an inevitable consequence of the Covid-19 pandemic, and despite the inherent challenges, it should be a priority for IT teams.
Recent reports by Cisco looking at the future of secure remote work and consumer privacy found that IT buyers had been caught off-guard by the sudden shift of employees working from home, but are now speeding up adoption of technologies to support remote work. A majority of the 3,000 IT decision makers surveyed by Cisco rate cybersecurity as extremely important or more important than it had been before the beginning of the pandemic.
Guaranteeing access, securely
The biggest challenge for all IT teams regardless of an organization’s size has been improving security for remote workers, although providing the necessary access to the applications and data they needed came first. It comes at a time when the average consumer also values security and privacy as a social and economic issue, according to Cisco.
However, the company’s own research found there was a lot of work to be done by IT teams toward improving security for remote workers, as just over half were somewhat prepared for the accelerated transition earlier this year. Endpoints, including those owned by the organization, were cited as being the most difficult to protect, according to the Cisco survey, followed by customer information and cloud systems, with the ability to securely control access to the enterprise network being the biggest challenge.
Improving security for remote workers will no doubt continue to be a priority for IT teams, even post-pandemic, as some employees will continue to want the flexibility of working from home and organizations see continued benefits, including cost savings on office space, by not having everyone in a traditional office environment.
Digital transformation can lead to a more secure cloud infrastructure
While IT teams are likely to see some budget increases that will specifically support improving security for remote workers, there are many initiatives that can help improve overall cybersecurity posture for organizations that are already common steps in a digital transformation journey.
If you haven’t already, you should establish a cloud security strategy that’s part of a broader cloud infrastructure transition. This will indirectly go toward enhancing security for remote workers while allowing IT teams to worry less about on-premises systems that were unprepared for the sudden shift to remote work. While putting more applications and data in the cloud comes with its own cybersecurity challenges, cloud services can scale better than on-premises solutions and provide the necessary flexibility for supporting a remote workforce.
The transition to the cloud should also include embracing new tools to stay secure, recognizing that IT teams still have some responsibility for securing cloud applications and data, even as the service provider has a role in securing systems, too. IT teams need visibility into cloud infrastructure as well as their on-premises deployments in a single interface.
At the same time, IT teams should consider what experts are calling “zero-trust security strategies.” A zero-trust approach assumes all users and endpoints could present a threat to the organization, so they must be able to prove they are trusted if they are to gain access to the enterprise network, applications and data.
You can be small and secure
For smaller organizations, improving security for remote workers is just as essential but can be a challenge for their IT teams. A managed services provider with experience helping small and medium-sized businesses with their technology infrastructure can play a key role in accelerating their adoption of solutions that can support remote workers with robust security.
Sanjeev Spolia is CEO of Supra ITS
- October 15, 2020
- Category cybersecurity
The shift to remote work means cybersecurity awareness across your organization is more important than ever for maintaining ongoing business operations and regulatory compliance.
Even before the pandemic, most organizations had become rather porous in nature from a network security perspective thanks to the Bring Your Own Device (BYOD) movement, adoption of cloud computing, distributed locations, and an already increasingly mobile workforce. But while security technology has emerged to keep up with these trends, it’s not a silver bullet. Every employee needs a heightened level of cybersecurity awareness.
Remote work means that how an employee manages their device at their home office can have an impact on the organization’s entire network. Their cybersecurity awareness means understanding their workstation is an endpoint that must be configured properly so as to contribute to the overall security posture of the organization.
Training is critical to maximize cybersecurity awareness amongst your employees, especially remote workers. But it’s easy to lose their attention if training isn’t clear and engaging. If you’re doing regular phishing tests for your employees, try to have a sense of humour with the email content you’re creating as part of the test, for example, but also make sure employees understand the lesson without being made to feel stupid.
Cybersecurity awareness training should be done regularly as part of regular operations, and at least quarterly, rather than being a big annual event, because threats to the organization are ongoing as hackers automate their processes to optimize their chance of success. You should also involve the executive team in your training, so everyone understands that cybersecurity awareness is critical to the success of the business. You might have the CEO do a short video, which is easy to share with remote workers.
The training shouldn’t be solely the responsibility of the security team, either. Lines of business leaders should help to spearhead cybersecurity awareness, and it should be a part of your remote work strategy.
It’s important to remember that cybersecurity awareness isn’t only about protecting against threat actors, malware and ransomware, and malicious data theft. Employees need to understand that good security also helps the organization stay compliant with government privacy legislation and meet regulatory obligations that apply to their industry. Data breaches not only have the potential to cripple business operations and negatively affect customers, but also lead to financial and legal penalties that can profoundly affect the long-term health of the organization.
Most people have adapted to remote work for the past seven months, but because organizations are more distributed than ever, there’s a potential for cybersecurity awareness efforts to lapse, even as bad people around the world continue to take advantage of the new work-from-home reality. Those doing remote work as part of a connected organization must continue to be vigilant about security as part of their daily work habits.
Sanjeev Spolia is CEO of Supra ITS.