- May 25, 2023
- Catagory Computer Hardware
Don’t Forget About Offline Device Security
Constant connectivity contributes a lot to data breaches, but offline device security should not be neglected. Stolen devices, including laptops, and even decommissioned devices can be an opportunity for threat actors to gain access to data they shouldn’t have.
Stolen laptops and portable drives have been the cause of many a security breach going back more than 25 years, and with the massive uptick in remote work, stolen laptops are contributing to a rise in data breaches – it’s one of the endpoints most likely to be a source of security threats and lost sensitive business data, including customer information.
There are several consequences to this old-fashioned theft: revenue losses, a loss of customer faith and reputation, legal liability, and breach of privacy legislation. As you look at all the ways your connected enterprise is a risk, you must consider the security of offline devices, too, especially employee laptops.
You should aways know the status of every endpoint, and that includes every employee laptop, whether they’re working at home, on the road or spending the day in the office. The more on the go they are, the more opportunities there are for them to leave the laptop unattended. You must never lose track of any laptop, and you must be able to control it, even when it’s not connected or powered off.
There are now solutions coming to market that use a cellular network for telemetry so that devices can be tracked and managed without the need for internet connectivity or power. There are now few reasons you can’t track, lock, and wipe an errant laptop to keep sensitive data from being accessed by threat actors with sticky fingers.
Some laptop makers are building in better protection capabilities at the system BIOS and hardware levels so that the computer will only work when connected to the Internet with proper credentials.
But offline device security shouldn’t just apply to laptops in service. You must also have a strategy for decommissioning all computer hardware, including office desktops, servers, and drives. If the device is non-functional for practical purposes, it can always hold data that can be accessed by a determined bad actor who finds it before it’s destroyed.
In the age of constant connectivity and cloud-based business applications, it’s sometimes easy for physical device security to fall through the cracks, even though a single stolen laptop can be the launch point for a deadly cyberattack. Even you don’t any internet of things (IoT) devices are your network, you must have a physical device security strategy that covers all computers, portable drives, servers, and smartphones – not just when they are active and connected, but also when they’re offline and even when they’ve been decommissioned.
More security tools don’t automatically mean your business is fully protected – blowing the budget on cybersecurity will have diminishing returns. You need to spend smarter, especially if your budget is constrained.
In addition to having the right technology, you need to have proper framework to guide your security investments. These frameworks include how you manage user onboarding, remote access to your network and who’s allowed to spin up new applications in the cloud. Having accurate and transparent guidelines for how employees work will enable to be precise with your security investments.
You must also understand your organization’s attack surfaces – operating systems, device types including employee laptops and smartphones, cloud technologies, browsers and email clients will all determine how you spend your budget for security. They are all vectors for threat actors to exploit.
It’s critical that you must implement effective controls to protect applications and data and a method of ensuring they are functioning consistently and effectively. Most of all, you must look for opportunities to automate because one of the biggest line items in your security budget is people.
Consider all points of access
Your controls for protecting applications and data should be ready to confront ransomware, malware, distributed denial-of-service (DDOS) attacks, internal threats due to disgruntled employees and human error, bearing in mind that each vulnerability is a doorway that opens wider access to your IT infrastructure. These controls must be ready to deal with a dynamic landscape as threat actors are constantly changing their tactics and techniques and consider every access point an opportunity.
Even if you’ve fully leveraging cloud technologies to run your business, you can’t depend fully on your cloud service provider to secure your applications and data – you need to understand where their responsibilities end and yours begin. If you’ve not moved to the cloud, doing so can help you get more for your security budget.
Prepare for a breach
Even if you’re confident that you’ve enabled all the proper controls, your security budget should account for a data breach – you need to assume that a threat actor might gain initial access and be ready to mitigate and learn from the attack.
One way to ready yourself for a breach is to fully understand what’s normal for your organization. It’s easier to spot malicious activity when you have a baseline for what is standard operating procedure. Having the right endpoint detection and response (EDR) tools go a long way to providing the necessary visibility to proactively protect your data and applications. You must also remember that each system comes with its own settings and best practices that contribute to your overall security.
Automation pays off
Given everything you must monitor and control and assuming it’s just a matter of when not if a breach occurs, you must automate wherever possible if you’re to attain maximum protection and resiliency within a constrained security budget. Even if the sky was the limit, the competition for cybersecurity talent is fierce.
You can’t detect, manage, mitigate, remediate, and maintain an adequate security posture without automation. You must be able to update software, firmware, and patches automatically as much as possible while also track the behavior of every asset over time so you can maintain their security consistently as employees come and go and passwords are changed.
You can best get the most of your security budget through automation by doing it in concert with your broader IT systems, especially those already set up to track your assets. Cloud-based technologies can also aid in mapping and scoring your security budget.
If you’re a smaller organization, you should consider turning to a managed service provider to help with you automate as well as evaluate your security frameworks and tools. They can take on many aspects of data and application protection, help you redeploy your staff most effectively and get you the biggest bang for your security budget.
Good habits have always been a key enabler of security in the organization, and they’re an essential part of your strategy to secure remote work.
With the hybrid workplace here to stay, your employees are not just working at home – they’re more mobile than ever, which means they’re connecting to your network infrastructure from many different locations. If you’re going to let staff work in an environment over which you have little to no control, you need to instill some good habits that enable secure remote work.
This is especially true if you’re going to permit your employees to work in public spaces, such as a park or a coffee shop. The argument could made that if you’re going to secure remote work effectively, you should put limits on what employees use as their workplace.
The most compelling reason is that they will use public, unsecured Wi-Fi, making them more likely to expose critical business information and even get hacked. Employees working in public spaces should only access corporate resources online through a virtual private network (VPN), even if they are working from home. Alternatively, they can use their smartphone as a hotspot rather than use public Wi-Fi.
The laptop employees use to work remotely must also be kept up to date so it’s able to handle the latest threats. You can’t secure remote work without anti-virus / malware protection software – any computer connecting to your network must have it, and it needs to be updated with the latest patches and virus definitions to protect against threat actors looking to exploit operating system and application vulnerabilities.
Just as you need to update your anti-virus software regularly, you need to update devices frequently – they should be rebooted often the latest software patches, firmware, and security fixes applied as soon as they are available. If the employee is working from home, you should make sure they’re updating their router regularly as well and any other devices on their home network.
Keeping hardware and software up to date is a habit that’s essential if you’re to secure remote work. Similarly, you must instill best practices when it comes to passwords management. Employees should understand the necessity of creating strong passwords that are unique to each login and account they use. Where possible, look at implementing multi-factor authentication (MFA). Adopting a Zero Trust approach can also help to secure remote work because it means employees are only accessing applications and data they need to.
Technology can only do so much to secure remote work – employee habits that foster good security hygiene are essential if you’re to support a hybrid workplace and mobile workers.
- April 11, 2023
- Catagory Compliance
Why Multi-Factor Authentication Is Table Stakes for Effective Security
The move to remote work and hybrid workplaces has demonstrated that multi-factor authentication is now a must-have for effective security and employee data protection.
Gone are the days of just making sure staff have complex and unique passwords for everything they access. In addition to a username and password to log into an application, it’s a critical that you have a second layer of authentication – two-factor authentication or multi-factor authentication (MFA). This means that in addition to a password entered in the primary device, there’s an additional step to log in – multi-factor authentication either requires that another code be sent to a secondary device such as smartphone or a biometric step in the form of a fingerprint or voice identification system.
Your employees have already experienced multi-factor authentication in their daily lives. Major banks now use biometrics for mobile banking, and they will also need to authenticate through that device when logging onto their bank’s web site from a desktop computer.
And while you might think that multi-factor authentication is an advanced feature that’s only necessary for major financial organizations, there are plenty of reasons why you should add another layer of authentication for all employees accessing critical applications and customer data.
- Weak and stolen passwords: As much as employees are encouraged to use unique and complex passwords for each and every digital system they access, it means they must remember each and every one or rely on a password manager to keep track of them. These password managers can also be circumvented by threat actors .Password theft has become cleverer through methods such as keylogging, phishing, and pharming, which is when malicious code is injected onto a device that redirects employees to a phony website where they enter sensitive information, including authentication information.
- Remote access: For many organizations, the hybrid workplace is here to stay. Multi-factor authentication is essential if you’re to provide fully secure remote access without impairing employee productivity. It can even make logging in easier as single sign-on software combined with multi-factor authentication can help to avoid “login fatigue,” since it requires an initial login to access multiple applications.
- Compliance: Depending on your industry, your organization may be required to implement multi-factor authentication to bolster protection of sensitive financial or health data, as well as other personally identifiable information (PII) in accordance with regional, national, or international privacy legislation or regulatory frameworks.
Implementing multi-factor authentication ensures that you can get the most of your cybersecurity investments. Other technologies such as advanced firewalls and anti-virus software can only do so much to protect critical applications and sensitive data – without robust authentication and digital identity management, threat actors still have plenty of avenues to exploit to gain access to your systems.
Multi-factor authentication not only controls employee access, but it also acts as an alert mechanism when an unauthorized access attempt is made – if an employee gets a request for secondary authentication that they didn’t request, they can report it to the IT department, so they know that there’s active threat.
If you’ve not considered implementing multi-factor authentication, remote and hybrid working should be the tipping point, since your employees are likely using less secure internet connections to access your network and may even be using a personal device. Multi-factor authentication reduces the risk that comes with securing remote workers’ WiFi connections and personal devices.
No matter your industry or the size of your business, multi-factor authentication should now be considered table stakes when it comes to effectively securing your organization.
Attracting security talent has always been a challenge, no matter the size of your business. But as threat activity increases in a parallel with a labour shortage, it’s even harder for small and medium-sized businesses (SMBs) to attract and keep IT security talent.
It’s not something you can neglect, however, as security doesn’t become less important the smaller your organization. When every business relies on data and connectivity to serve customers and grow market share, SMBs are just as vulnerable to security threats as large enterprises.
The trick for SMBs is having a well-defined role for a small contingent of talent who can tap into outside expertise to bolster overall security posture.
Lots of threats, not enough people
There’s a shortage of security talent worldwide, even as the workforce has hit record numbers. According to the 2022 (ISC)2 Cybersecurity Workforce Study released in fall 2022, there was a global shortage of 3.4 million workers in the IT security field. The report also found that there were more than 700,000 unfilled cybersecurity jobs in the U.S. alone.
The security talent shortage comes at a time when cybersecurity attacks are on the rise, with the average number rising 31 percent to 270 per year between 2020 and 2021, compounded by the pivot to remote work. If you’re one of the companies that’s seeing an increase in cybersecurity attacks – and you likely are – you’re going to have to increase your budget for security talent. The (ISC)2 study found that just over a quarter of those who are in the field are in it because of the high salaries.
Money is not the only solution to the security talent woes, however.
Paychecks must come with perks
A competitive salary is table stakes in an inflationary economy, regardless of the role, and especially if you want to hire skilled IT workers. But if you want to attract security talent and keep it, there are several key things to consider when looking to fill cybersecurity positions beyond the paycheck.
- Have the right tools: If your cybersecurity technology investments are lacking, your security talent is going to get frustrated if their hard work is hindered by inadequate tools. This includes automation – if you’re still doing things manually that can be done by software or emerging artificial intelligence (AI) capabilities, your security talent is going to feel bogged down and ineffective despite their best efforts.
- Offer variety and interesting work: Similarly, your security talent wants engaging work that’s more than just sitting in front of a consoling assessing and triaging alerts. If you’re automating as much as possible, cybersecurity work becomes more strategic, allowing for people to implement more proactive measures such as a Zero Trust approach to security and helping all employees become part of the solution by through education and policy. You want your security talent to get satisfaction from playing a role in enabling the business.
- Cover training and certification: The best workers in any field don’t want to be stagnant. Combine that with how quickly security threats evolve, it’s in your best interest to provide your security talent with opportunities for continuing education and certification. This is especially true for younger workers, who will always be eyeing opportunities for advancement – other employers know this and are adjusting their hiring practices accordingly.
- Don’t limit your talent pool: If you’re ready to invest in training and education, you should also consider recruiting talent from a broader group of candidates within information technology, even if they don’t have a cybersecurity focus. Foiling threat actors, assessing risks and mitigating vulnerabilities requires a diverse set of people, including analytical, organized, and creative types.
Even if money is no object, it’s important for SMBs to be selective of where they deploy security talent in-house. As with IT in general, it often makes sense to tap into the expertise of a managed service provider with a security focus who can help your small, nimble security team execute on a daily basis while providing assessment and strategic advice where need.
- February 14, 2023
- Catagory IT management
There’s No Security Without Visibility
If you don’t have visibility into your IT infrastructure, you can’t have confidence in your overall security.
This is especially true for those in the manufacturing and energy sectors that have a great deal of operational technology (OT) and industrial control systems (ICS), as their security can impact the broader organization through its integration with more conventional IT systems.
An annual report released by Dragos outlined the visibility challenges faced by ICS/OT networks when it comes to identifying vulnerabilities ICS/OT devices as ransomware attacks on firms with ICS/OT infrastructure increase. These attacks demonstrate how industrial firms have their own set variables when it comes to security and establishing visibility across all systems, especially as the industrial internet of things (IoT) becomes more ubiquitous.
But even outside industrial systems, visibility is critical for robust security, especially as remote work continues and many businesses settle into a hybrid approach. Whether it’s an ICS/OT device in an industrial setting, a IoT sensor for agricultural applications or a laptop for a road warrior leading your sales initiatives, you must be able to see these devices on your network and understand their vulnerabilities.
No matter why your digital footprint is expanding, security visibility becomes increasingly difficult when you must keep track of home office, on-premises and cloud-based endpoints. Your attack surfaces are proliferating, and you must be able to see all of them – you can’t get the visibility you need to identify the gaps in your security programs and controls without the right tools and best practices.
And there’s many elements you must be able to see and control:
- Endpoints of all sorts are your weakest links as they exchange data over a variety of network connections
- Because it’s so easy for business users to spin up whatever cloud-based services they think will help meet their objectives, you run the risk of shadow IT that’s connecting to your infrastructure without proper governance
- Even before remote work became the norm, remote offices meant a more distributed workforce, which is more difficult to monitor than ever thanks to home offices and mobile devices
- Cloud services can allow you to delegate security to the provider of a service, but it’s still a shared responsibility
These are just some of the key elements of your IT infrastructure that require visibility if they are to be fully secured, and it’s helpful if you break down visibility into three broad categories if you’re to attain it organization-wide.
Operational visibility includes operational compliance and operational processes, as well as user visibility so you understand who has access to data and why, including applications. People come and go and responsibilities change, so you must have best practices for onboarding and off-boarding employees as well as device lifecycle management. A zero-trust approach to security can help to improve user visibility.
Technical visibility has become more difficult with more distributed workforces and IT environments – you must understand all the threats and vulnerabilities that might affect your systems, connections and devices, whether it’s a laptop, server, smartphone or narrow-purpose IoT device.
Your organizational visibility determines your awareness to any threats to your brand, reputation, and intellectual property. This level of visibility requires not only security tools but also best practices and processes.
At the end of the day, however, visibility is all about knowing where your data is so you can protect it – it’s the lifeblood of your business. A managed service provider can help you make the right links between visibility and security so you can build a true picture of your IT infrastructure across every system and endpoint.
- January 31, 2023
- Catagory remote work
Your IT People Are Worried About Remote Work Security
If you haven’t fully adjusted to the era of remote work, your IT team leader has something to say about security.
According to a new Cisco Systems survey, the increasing number of employees working remotely today – even as some employees head back to the office – is stressing out both business leaders and those responsible for security, and a big culprit is unregistered devices.
The Cisco survey found that 84% of 6,700 respondents, including 81% of the 300 Canadian respondents, found that working remotely has increased cybersecurity risks to their organization, and nearly a percentage of respondents cites unregistered devices used by employees in support of remote to be the likely cause of security incidents. Unregistered devices might include laptops, tablets, and smart phones, the survey said.
In general, Cisco found that in the early days of the pandemic when the sudden shift to remote work occurred, security became an afterthought, as noted by a Cisco exec interviewed by IT World Canada. The reason security tends to take a back seat when employees work from home is that they want a similar experience to working in the office, but they don’t want security controls that make it harder to do their jobs. In addition, remote work isn’t just about working from home – employees now want the option of working anywhere.
Meanwhile, the International Association of IT Asset Managers (IAITAM) has similar concerns about the impact of remote work on organizational security, echoing the Cisco survey’s observation that security wasn’t top of mind when the initial rush to remote work occurred in March 2020. Not only are personal devices being used by remote workers to access the corporate network contributing to security issues, but there’s also “low-tech breach” danger if organizations don’t have proper IT asset disposal procedures, IAITAM warns.
Not having a proper asset disposal program for computer hardware is just as important for remote work security as having a strategy for warding against employee errors, rogue employees, errant third party vendors, and outside hackers, advises IAITAM. Any asset disposal program should include certified data drive sanitation or destruction, and robust tracking of the disposal process so that data thieves aren’t gaining access to mission critical business information.
Monitoring the lifecycle of computer hardware used for remote work can be especially complex if they include personal devices, but asset management is critical to any organization’s security strategy. If you don’t a program in place, consider consulting your managed service provider for support.
- January 17, 2023
- Catagory remote work
Remember the basics of remote work security
At the risk of sounding like a broken record, remote work isn’t going away, so you need always be mindful of some core security measures that protects what looks to be a perpetual hybrid workplace.
These measures are both technical and cultural in nature – your people are just as critical as the security technology you deploy to accommodate remote work.
The most obvious step you can take on the technology front is to regularly update and monitor your network security. This includes applying the latest security patches and upgrades to all devices, including updates to operating systems as well as keeping your antivirus and antimalware programs current. Don’t forget hardware updates such as those for your routers and switches, either.
A strong technology foundation is critical to remote work security and should also include secure VPN access for any employee working outside the office, as well as multi-factor authentication (MFA), both of which lay the groundwork for creating a Zero Trust environment. Also essential are tools for monitoring your environment so you have a complete understanding of what’s connected to your infrastructure, whether it’s devices that support remote work or other devices and services, including internet of things (IoT) devices. You should be able to interrogate the network so you can know for certain how every connected device behaves at the packet level.
In the era of remote work, MFA is a must have, and illustrates how critical the intersection of technology and people is to security. Employing MFA recognizes that even the best passwords can be broken and that the users who select and use them make mistakes. This is where employee education comes into play so all users, remote or otherwise, understand good password etiquette and the benefits of adding another layer of security with MFA.
User education is also the best defence against phishing emails, which remain the most common threat to your sensitive data. The upheaval of the pandemic has made for good cover for threat actors who send convincing emails that open the door to malware and ransomware.
The culture of your organization has always been critical for maintaining robust security, and the sudden switch to remote work was a stark reminder of that. Even as many employees return to the office, it’s a great time to remind your entire team that remote work requires the same level of attention to best practices around storing and security mission critical data.
The return to the office should also be seen as an opportunity to take another look at your entire security strategy – consider tapping into the expertise of a managed service provider to help you re-evaluate and refresh your technology and best practices.
- November 30, 2022
- Catagory Managed IT Services
Your Security Strategy Should Include MDR
Implementing security technologies such as a Security Information and Event Management (SIEM) platform will only protect your organization if they are effectively managed, which is why you must consider embracing managed detection and response (MDR).
MDR isn’t a technology, it’s a service with SIEM acting as key pillar of its foundation, as well as endpoint detection and response (EDR). Delivered by a third-party service provider, it allows you to tap into cybersecurity expertise that’s in high demand and difficult to attract and cultivate internally. Your managed service provider (MSP) is a great resource for accessing MDR and a team of skilled professionals who can help you manage and optimize your security.
It’s also more proactive – security experts on staff with your service provider leverage SIEM and EDR to monitor and analyze events so they can identify dangerous threats before they can have a negative impact on your business. MDR delivered by an MSP is better able to keep up with volume of anomalous events to discern whether they will result in a serious data breach or malicious attack by a threat actor.
The most compelling reason to seek out a service provider who can deliver MDR is they can do it 24 hours a day, 7 days a week, 365 days a year. For most small and medium sized businesses, it’s simply mot feasible to staff your IT team with security experts all the time, including holidays. Even if you can attract the skilled personnel, it’s better to have them focused on more strategic IT and security initiatives. An MDR provider reduces the burden on your own people, so they have more time to breath, given all their other responsibilities.
An MDR analyst with the latest and greatest tools can better sift through the vast amounts of data being ingested from different sources and endpoints and analyze it. They are also able to understand how to automate security tools to work more effectively so they’re only handling incidents that require human intervention. Their ability to interpret data not only helps them prevent and mitigate vulnerabilities, but also prevent future attacks by applying lessons learned to make your organization more resilient.
A managed service provider is best equipped to optimize security platforms including SIEM and EDR as part of an MDR solution because they can better access and scale these advanced security tools and the necessary skilled professionals capable of using them effectively.
- November 16, 2022
- Catagory Data Protection
What is SIEM and Why Do You Need It?
The cybersecurity landscape is replete with acronyms, and it can be hard to figure out which ones matter to your business. SIEM stands for Security Information and Event Management, and it’s something you should be leveraging to keep your organization safe.
Pronounced “sim,” SIEM is a software-based cybersecurity technology that gives you a single, streamlined view of your data along with your operational capabilities and security at activities to you can better detect, investigate, and mitigate threats. SIEM bolsters your security posture by providing this visibility in real-time and encompasses your entire environment, no matter how distributed – and it likely is in this era of increased remote and hybrid work.
If you’re worried that SIEM is yet another massive software deployment, there’s good news: it can be cloud-based and configured to monitor your on-premises, hybrid and cloud infrastructure while tapping into a broad array of security tools and technologies.
How SIEM works
SIEM thrives on having a lot of data sources to monitor. It ingests as much data as possible on the hunt for unusual activity that represents a threat actor trying to gain access to your systems or making trouble once they’re already in. Combined with its ability to give you a real-time snapshot of your IT infrastructure and keep logs to support your compliance obligations, SIEM gives you the ability analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions — all in real time so you can stay top of threats, whether they’re internal or external.
SIEM monitors network devices such as wireless access points, routers, and switches, bridges, as well as the software running on them. It also pulls data from security devices such as firewalls, antivirus software, and intrusion detection appliances, as well as devices and activity related to remote work. Users, event types, IP addresses, memory, and processes are all monitored for signs of exceptional activity – everything from potential malware to a failed login so that any deviations are flagged for security analysts to investigate.
Essentially, your SIEM is a security command center that pulls together all event data into a single location but adds useful context for analysts so they can prioritize what to respond to and investigate. Everything is presented on dashboards, including an overview of notable events with details, risk analysis, and a workbook of all open notifications. Intelligence from users, threats, protocols, and the web are all brought together.
How SIEM helps
SIEM offers many benefits for organizations looking to improve their security posture.
It provides a high level of visibility to help your security teams see everything across your IT infrastructure, including remote endpoints. The right SIEM solution also reduces the number of false alerts, so your IT teams aren’t spinning their wheels and are able to focus on detecting and investigating actual threats. SIEM is also flexible so you can integrate it into your environment with all its unique characteristics that are driven by your industry, including any compliance obligations.
Most of all, SIEM is something your managed service provider can help you with, so you’re not faced with another onerous software deployment. They can help you select, deploy, and even manage the right SIEM solution so you can get the visibility you need to improve your security posture.
Latest Blogs
FAQ