
Cyber security guide: how to reduce security risks in the future

Ravi Bindra, CISO

Over the last several months, organizations around the world have been forced to implement remote workplace policies tailored to their own unique business needs. Whether there was already a plan in place for telecommuting or this was an entirely new frontier, there’s no question that everyone is undergoing major changes in the way they work.

As companies make the necessary adjustments to their digital transformation strategies, there is one aspect that cannot be overlooked: security. When employees work from home, IT teams cannot simply walk into their home offices to check security settings. Therefore, there are new responsibilities for both the company and the employees. Remote work calls for heightened precautions and organizations must be more vigilant than ever in implementing new security measures. Let’s take a closer look at how your organization can reduce security risks now and in the future.

Receiving the security guidance you need

According to a recent Fortune 500 survey, 75% of companies say work from home initiatives have accelerated their need to digitally transform. While such changes will help ensure future business agility, they often require moving at a pace that organizations are likely not used to. And if they are having trouble keeping up, they could benefit from security guidance.

When it comes to the remote workplace, there is no shortage of moving parts. Many employees are now working on their home Wi-Fi networks, which means IT teams have much less overall visibility. In the office, employees typically work on their company’s secure network, through which IT teams can patch vulnerabilities and alert employees to software updates. Unfortunately, there is no easy way to do this for those working from home. Additionally, many employees are using corporate devices outside of their organization’s security controls, which puts their data at greater risk of being compromised.

Aside from corporate devices, employees are using personal computers, tablets, and mobile devices more than ever. While bring your own device (BYOD) is not a new concept, it may be new to your organization. And if your organization had to jump into telecommuting without a plan, there is a good chance you didn’t have a clear end user policy in place.

Understanding and enforcing policies

It’s never too late to begin enforcing new security policies with remote employees. Speak to your team about which devices are most appropriate to use and how best to implement IT monitoring and oversight. It is understandable for employees to be uncomfortable with the IT department having access to devices that contain personal information so make sure you help your team understand what IT will and will not be able to monitor.

Also, encourage everyone at your organization to maintain the same level of cyber hygiene they did back at the office. This means using strong passwords, implementing two-factor authentication and time-out locking, and running regular data backups. As for personal devices, you should have procedures in place in case a device holding sensitive company data goes missing or is stolen.

Virtual desktops ease the burden on both sides: while users can access their desktop and applications from anywhere on any kind of device, IT organizations can better manage and apply security settings with data stored centrally in a (cloud-based) data center.

On top of that, remote workers should make sure that their home networks are protected. Many home devices use a shared network environment, which gives way to several unprotected endpoints. Unfortunately, this opens the door to security breaches. It goes without saying that home Wi-Fi networks are notoriously insecure. They often use factory-standard or basic passwords that can be easily hacked, and game consoles and ‘smart’ appliances offer a low-security gateway to fraudulent activity. Let’s not forget that these security breaches may have GDPR implications, and employees need to ensure they are working in compliance with data protection in the home office and on the go.

While virtual private networks (VPNs) and infrastructure must be up to date, the bigger danger is when the systems behind the VPN at the customer’s home are not up to date. It is important to have a policy requiring employees to regularly run company-provided anti-virus protection software on all devices they’re using to access company information. It may seem daunting to put all of these policies in place, but they will undoubtedly cut down on future remediation.

Continuing end-user training and education

In conjunction with implementing adequate policies and procedures, IT Security teams should continuously educate and train their company’s workforce. This helps to ensure employees are properly securing their endpoint vulnerabilities and - perhaps most importantly - can identify and prevent phishing attempts, which have become exponentially more sophisticated and prevalent in recent years. It is also important to keep in mind that a successful phishing attempt on a remote device could allow a cyber criminal to infiltrate a company’s private network once the employee owning the device returns to the office. To prevent such an event, hold regular training sessions with your employees to run through what a targeted phishing attempt could look like. Some organizations may even choose to test employees with fake phishing emails to identify vulnerable targets and prioritize education and training.

Also, remember to send out flyers and notices on the latest security threats and check in with teams individually to make sure they are staying vigilant. The more you continue to educate your end-users, the more they will be able to detect and avoid attacks. That being said, before asking employees to return to the office, you should have a solid plan in place for reconnecting to your office network. After months of being dispersed, having everyone connect to the same private server could present serious risks. Instead, consider preparing a guest network for employees to connect to first. This way, employees won’t put the organization in a vulnerable position, and you can safely run security checks in a controlled environment.

Regular training can ensure that employees are suitably informed and aware of phishing attacks. By educating them on how to spot, report and remove suspicious emails, employees become empowered to provide the first line of defense against attackers. Lastly, adopting a layered, strategic approach to internal training and cyber security solutions can enable a company’s cybersecurity approach to be fully capable of addressing and resolving cyber-threats.

Creating a cloud security foundation that will last

Last but not least, you should always think of your cloud security foundation. Now that the cloud and cloud services are essential for nearly everyone to maintain productivity, even in uncertain times, enterprises should think about their digital transformation strategy. Security should remain one of the top priorities while moving workloads to the cloud. Protecting data and not putting any sensitive information at risk is a key aspect to consider when planning your cloud strategy. Implementing a proper cloud configuration will ensure that your hardware and software elements can interoperate and communicate with each other while remaining secure.

Cloud-delivered security services are growing increasingly popular with the evolution of remote office technology. Secure access service edge (SASE) technology allows organizations to better protect mobile workers and cloud applications by routing traffic through a cloud-based security stack. This enables IT security teams to manage it all remotely. For example, cloud-based secure virtual desktop services give IT professionals remote access to employees’ systems, including files and networks. The cloud is also key to security systems. Secure-edge, cloud-based DLP and threat-protection controls can help safeguard an organization’s critical assets.

Staying ahead of security threats will require a strong, but flexible, plan. It’s crucial to identify which assets are most critical to your organization and evaluate the security and compliance gaps so you can create a course of action for prevention and remediation. As your trusted advisor, SoftwareOne can easily help you to stop malicious activities, and improve security effectiveness for your mission critical cloud workloads.

Preparing for the new normal

If this all feels overwhelming, don’t worry. Here at SoftwareOne, we ensure you are not alone in this journey. Whether it’s ransomware prevention or biometric security implementation, our Managed Security Services are designed to take your cyber security strategy to the next level. Investing in support now, while your organization is remote, will only help strengthen your strategy once you return to the office. There is so much uncertainty around adapting to the “New Normal”, but strong cyber security can help lead the way.


Stay safe and secure no matter where your team is

With remote work comes heightened security precautions, and SoftwareOne is here to help. Learn more about how our team can support your strategy.


Author

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.