How can you mitigate risk with your borderless workforce?
- Focus on Identity-Based Security
Perhaps the single most important step that a business should consider is to increase identity-based security controls, rather than relying on a traditional network-centric model. Now that people are working from home as a matter of course, as well as carrying business data on phones and other portable devices, relying upon perimeter-based security is no longer viable. Network and IT teams can no longer assume a connection is safe simply because of where it came from or because the username and password were correct. Instead, we need to move to a model where we essentially put a ‘virtual firewall’ around individual users and their devices – where we authenticate each connection and transaction. Rather than allowing or blocking IP addresses and ports, we need to establish (validated) trust in people, processes and discrete systems.
- Provide Training & Support
Businesses need to focus on educating their employees around data security behaviours and on providing the right levels of support so that if there is an issue, it can be managed effectively and quickly. Security needs to be part of the modern business culture, and everyone needs to take an active role in understanding and assessing the immediate risks and acting appropriately.
- Upgrade Your Systems
Relying on dated systems can also be a problem when it comes to security, especially if the devices aren’t properly patched or maintained. During the pandemic, our team provided hundreds of new devices to businesses wanting to offer employees a borderless work solution. Every device was deployed with an automated and secure standard operating system (SOE) which can be easily maintained and updated remotely.
- Multi-Factor Authentication
From a specific technology point of view, all businesses – regardless of their size – should be adopting multi-factor authentication. It is now very straightforward, relatively inexpensive and easy for people to use while offering an essential level of protection.
When COVID-19 hit, for instance, every employee here at Brennan IT already had multi-factor authentication enabled on their account. This meant we could all very easily switch to working from home, without any security risks and without any productivity downtime.
- Have A Dedicated Security Person or Team
Traditionally, security has fallen into the domain of the IT team, which is typically tasked with implementing precautions and then addressing any breaches. Today, however, there’s a strong case for hiring a dedicated security resource, or an entire team in a larger business, as well as considering the outsourcing of security management to an expert provider.
- Implement Both Defensive (Reactive) and Offensive (Proactive) Security
The security threat landscape is constantly changing, and organisations should deploy a combination of proactive and reactive security measures.
Proactive security is based on the old adage that prevention is better than the cure, and focuses on ensuring problems don’t happen, rather than detecting and reacting to them. This may include measures such as security awareness training, network and application penetration testing, red-team engagements, and modern monitoring platforms which can pick up early indicators of a threat. These are all effective ways to lessen the chance of a security incident occurring by identifying and closing gaps before they’re exploited.
Defensive measures are an equally important consideration. These are the more traditional security controls like firewalls, log management and anti-malware solutions.
Along with a well-structured, communicated, and understood security incident response plan, these defensive measures can help an organisation react to a security incident when it almost inevitably occurs. This could be as simple as a misdirected email that needs management and communication, a phishing attack that results in a ransomware incident, or a full-blown breach with loss of commercially sensitive data.
- Implement A Strategic Plan
Of course, to truly safeguard a remote workforce against security breaches, businesses should consider working towards implementing a strategic security plan. For example, the Essential Eight framework is widely recommended and adopted by many Australian businesses. The Essential Eight is a set of security recommendations published by the Australian Cyber Security Centre (ACSC) and is essentially a combination of technical and administrative controls – all of which are designed to work together to protect organisations from cyber attack.