Cyber security refers to the security measures organisations and individuals have in place to protect against a range of cyber threats including unauthorised access to sensitive data, malware and ransomware, social engineering attacks, and denial of service attacks. It covers a range of areas and activities, from device and data protection to the effective monitoring and reporting of risks and threats.
Good cyber security is crucial to ensure your data, systems and infrastructure are secure and protected from a growing number of cyber threats. It is particularly important as more sensitive information is stored online and more transactions completed through digital channels, to give clients and customers trust in your organisation and the services you provide.
Prior to the coronavirus pandemic, with your team in an office environment you could manage sensitive data such as customer records, HR details and databases either by storing it in a server room that you could control or via cloud services, again using technologies like Virtual Private Networks (VPNs) to ensure that only your office had access.
Lockdown restrictions however brought a rapid move to remote working, not only in IT but across nearly all industries. And with many teams still working in several different locations, how can you ensure that your data is protected at the same level?
Your clients/customers will expect you to have the same levels of protection no matter where your employees are in the world, and it’s up to you to ensure that your critical infrastructure continues to meet these standards. Well, how can you do that? By thinking about and then implementing some (and more) of the below…
A key challenge is that devices used for your business will no longer be on your business premises. So all that hard work/effort that you put into network security (like firewalls, automatic security updates, routers, network segmentation) will no longer be used when your employees are working remotely – at least by default.
So, you need to put other measures in place to ensure that any new employee network is still secure when it is accessing/downloading the data they require to do their work. There are a number of measures that you can put in place to ensure this same level of protection, even when users are remote:
Virtual home networks enable the secure transfer of data between a user’s home network and the business network (whether this is to the office, or a cloud solution). This will ensure that any applications will have their data encrypted, even if the protocol they are using isn’t encrypted by default.
With a home VPN, it’s important to ensure that devices on the same home network are safe, alongside your business equipment. This is totally different from the office network, where your IT team will decide what devices can (and cannot) reside on the same network. In fact, IT teams will typically have multiple networks, usually having at least one for devices that they do not trust (like a guest/visitor network for clients when they visit).
So, what security measures can you put in place with the home VPN to manage devices? You can ensure that the network security isn’t compromised by only allowing known devices onto this network. This would help lower the security risk of not controlling the entire network.
If your users are going to download/create files on their local disks then disk encryption is a must. This means that if a device does get lost or stolen, the ability to read any data that is on the drive is greatly reduced (to almost zero with good password policies). This should work hand in hand with a mobile device manager/policy, which could wipe devices remotely on command.
Another way of mitigating security risks is to use remote services such as Citrix or others to deliver the desktop experience, without data ever leaving your data center. This means that while the users think that they are accessing information systems in a way similar to the office, they are in fact using cloud services to gain access to the information they require. The computer systems can then be fully protected by the IT team to ensure that there is no unauthorized access to personal information or other sensitive data.
Hopefully your office was using a firewall to ensure that your business network(s) were sufficiently protected from all of today’s cyber threats, but what do you do when your staff are all working from home? Suddenly, you don’t have control of the firewall/network devices that they are using for internet connectivity, and will need to explore alternative solutions like software firewalls and malware software that can detect threats – along with all the considerations that ensure they are purchased, installed and configured in a way that works for your specific business requirements.
This doesn’t tend to happen with business devices in the office (especially desktops that never leave the building), but this all changes when it’s a laptop in a home environment. What are the risks when you let other people (or children) use your business laptop?
Suddenly, the attack/risk vectors have changed, and it’s important to understand these and introduce controls where needed, such as policies to stop this practice by preventing unauthorised app installs and other high-risk activities.
While the Covid-19 situation was impossible to predict and plan for, ensuring that your critical infrastructure remains accessible to the staff that require it – wherever they are working from – is a must in today’s world.
The security risks faced by your organisation need to be analysed, and then actions need to be taken in order to reduce these risks. This can seem like a daunting task to begin with, so it’s recommended that you start with a cyber security audit to find out where you stand as an organisation. Once this is completed you’ll have an understanding of the risks that your organisation still face and the actions that can be taken to reduce these.