Organisation across all sectors have faced an unprecedented rate of change in 2020, with both Brexit and the Covid-19 pandemic affecting operations. Organisations have, on the whole quickly adapted and introduced new ways of working, ensuring that business continuity has been maintained – and customers have continued to receive consistent levels of service.
However, the very nature of having the majority of your workforce working from home means that your pre-existing security solutions are unable to stretch across this new reality.
The security approach for many organisations pre-pandemic was to build as higher walls as possible to protect both employee and customer data. This is a strategy that was already questionable, with cyber-criminals seemingly more than one-step ahead and therefore able to breach these walls.
However, with entire workforces now working outside of the corporate network, those high walls of cyber defence are in many cases no longer relevant, leaving infrastructure and data more vulnerable. This increased vulnerability also coincides with cyber criminals upping their efforts and the levels of sophistication of their attacks. The very nature of criminals means that they will look for the route of least resistance in order to secure access to valuable data. This weakest link is more often than not the employee.
Whilst employees are struggling to get to grips with new ways of working the need to ensure that they are fully up-to-speed with the latest cyber threats, what they look like and how to deal with them is crucial.
Educating staff about cyber-crime and the types of tactics that criminals are using is important to help reduce vulnerability. With employees working outside of the corporate network, often for the first time, the emphasis of making the right decisions about possible threats (particularly phishing emails), is now firmly in their laps.
In an attempt to ensure business continuity many employees have been encouraged to use personal laptops and PC’s. Many of these are old, have not been patched and are no longer supported by their manufacturer. This leaves them open to criminals to more easily gain access. Once access to the device has been secured, the criminal can easily explore ways of securing entry into the corporate network to which the device is connected. Of course, home-based devices also mean that it is not just the education of your direct employee, but of anyone who has access and uses the device within the household.
The huge changes impacting organisations in 2020 have seen the adoption of some tech trends accelerate rapidly. Cloud computing has been with us for some time, but the nature of cloud means that it has proved a perfect solution for companies trying to work effectively with a remote workforce.
As a result, companies have been turning to cloud and relying on partners such as AWS, Google and others. However, with this move some complacency has crept in. Some companies migrating data and infrastructure to the cloud have assumed that the responsibility for all aspects of that data now sits with the cloud provider.
That is not the case, and companies have to be particularly careful in their approach to cloud computing. AWS has produced a handy guide outlining the shared responsibility and where that responsibility sits.
So, in a much-changed world, where employees are accessing company data from new environments and criminals are more determined and able than ever to take advantage of the situation, organisations have to look for long-term solutions to keep criminals out. For companies using new and multi-cloud environments, ensuring their data is secure, and vulnerabilities are closed without impacting employee productivity must seem like a hugely daunting task.
There are however solutions that can help organisations overcome these challenges and rapidly secure their infrastructure and data.
Zero Trust data security solutions are just one such example. Zero Trust takes away the mentality of sitting behind a defensive wall. It essentially takes the approach that no-one can be trusted to enter the perimeter until they prove their credentials with every access. This is particularly important with a remote workforce using personal or outdated devices. There is a really useful overview of Zero Trust solutions here.
As well as Zero Trust, Identity and Access Management (IAM) solutions are proving successful for many organisations. Like Zero Trust, IAM helps organisations be confident in who is accessing what, when and whether they have the authority to be doing so. IAM systems provide IT teams with the tools to track a user’s activity, change a user’s role, create reports on these activities and more, enabling them to enforce policies on an ad-hoc basis.
IAM is designed to stretch across an entire company’s network and workforce, allowing security managers to have a full view of who is accessing what and when. It helps to ensure that any ‘suspicious activity is immediately highlighted, ex- employees cannot log-in to the corporate network using old credentials, and means regulation and corporate policies are constantly adhered to. More importantly, a good IAM solution will use a class-leading Identity as a Service (IDaaS) solution that enables secure access to any digital systems – on-premises or in the cloud – without adding additional friction for employees and customers alike.
Companies have scrambled to implement new solutions and ways of working to ensure business continuity throughout 2020. However, now is the time to take a step back and look at what has been implemented, how employees are working and whether this opens up vulnerabilities within the corporate network for 2021.
Certainly, education of employees goes along the way to negate the threat of the cyber-criminal but sitting beneath a defensive wall is no longer an option.
For those looking to explore the suitability of Zero Trust and IAM solutions, Northdoor is offering a guided free trial to allow you to get your hands-on IBM Security Verify and really understand how to get maximum benefit from the solution, with our expert help. The IBM Security Verify Access Free Trial is now available with consultation, installation and configuration from Northdoor data security consultants – for more information click here.
If your organisation has transitioned to a remote workforce and you’d like to discuss improving secure working practices, contact Northdoor. Our consultants are here to help with a range of data solutions to suit any scale of organisation. Call us on 020 7448 8500, or email our data security advisors.