Updated: Mar 19
Our networks have also suffered from the COVID-19 pandemic. It has forced corporations, governments, and individuals to quickly revamp established practices and procedures, down to basics such as how and where we work, teach, study, live, and connect.
It is hard to think of another event in our lives that created as much disruption in such a compressed time, and its effects are changing so rapidly that we cannot always predict or monitor events.
As job goals shift, CISOs struggle to ensure robust security and to adjust security priorities and strategies. For this new world, we suggest some best practices:
Remote staffing security
Reports indicate that 23 percent of companies have encountered a spike in cybersecurity incidents since asking their employees to switch to remote work. Safe remote access is therefore a chief priority. VPNs have historically been the option here, but the scale of WFH as the new standard, combined with the granularity demanded of the access control system, has to be considered.
The organization can also provide a digital desktop for access to the company's data and applications, which means that software and data are not downloaded to a home computer but stay stored on the company servers. Two-factor or multifactor authentication provides an additional degree of safety. Due to job instability, an organization's ability to track access proactively and to explicitly manage privileged IDs through a PIM or PAM solution is critical.
Sustainability of security policy recognition and enforcement
Numerous data errors occur because of outdated or weak passwords. Organizations must enforce rules as part of their compliance strategy to ensure that staff update their passwords periodically. Attacks may also arrive through well-crafted phishing e-mails, so employees must be informed and warned about suspicious e-mails. There is rising evidence that such e-mails, once clicked, give hackers a key to organization networks. It is also necessary to encourage workers to avoid any contact on unsecured networks or social media. Employees often also need to be trained to set up Wi-Fi at home so that it is safe (for example, WPA2).
Maintain data backup
A recent survey by the security firm Kaspersky says that DDoS attacks doubled in the first quarter of 2019. Ransomware attacks have grown exponentially. Data received from employees across the globe and stored in the cloud or in secondary storage solutions must be continuously backed up. This is particularly important for data retrieval if a ransomware attack hits your organization.
Patching and updating is essential
As history has taught us, even one unpatched computer can give hackers access to the company's network. There should be a structured security strategy to keep workers applying their software updates continuously. Since software upgrades can be a serious problem on a large organization's VPN networks, they must be scheduled in a way that spares the existing bandwidth and networks any additional stress. Organizations can solve the patch management problem with automated patch management solutions from remote cloud-based systems, or with MDM solutions to upgrade inaccessible devices.
Preventing installation of third-party applications
A new security survey conducted by CyberArk revealed that home-based business practices, including password reuse and letting family members use business devices, have put vital business processes and confidential data at risk. In the study, 77 percent of remote workers accessed corporate networks using unmanaged and unreliable "BYOD" computers. Companies should ensure that their workers use pre-approved laptops with the requisite security solutions and applications installed on them. This prevents unauthorized device installation and reduces risk. Companies must also give workers knowledge of the applications, hardware, and platforms they can use to connect and share.