Click to learn more about author Rajesh Ganesan.
The current corporate landscape is populated by remote workers, many of whom are using non-sanctioned devices to access corporate applications and services. This transition to remote work is placing many companies at risk.
According to the 2021 Digital Readiness Survey, 83% of information technology professionals say that the recent transition to remote work has increased their corporation’s security risk. However, despite this increased security risk, only 56% of companies have adopted a security strategy to account for their increase in remote employees. This has made the current landscape a fertile ground for hackers, malicious insiders, and other bad actors.
Companies should plan to move to a zero-trust framework, meaning that IT personnel should “never trust and always verify.” It should be assumed that every access request in the network has originated from an unsafe, open location. Additionally, all users should be verified based on their identity, location, and the health of the devices.
Implement Zero Trust Principles Across the Entire Organization
With employees working outside of the office and using nonsanctioned devices more than ever, it’s important to establish a zero-trust framework. Such a framework mandates that all users are provided with only the minimum amount of access needed to complete their work.
Also, according to the “principle of the least privilege,” users should be granted the minimum entitlements to resources across the infrastructure for only the required time to complete a task.
All internal communication should be encrypted; all devices should be assessed, and any anomalous activity on the network should be flagged. Through the use of a unified endpoint management (UEM) solution, IT personnel can verify user identities, ascertain that endpoints are healthy, and block any devices that appear to be compromised.
Identify Shadow IT
Shadow IT – the use of software and devices not officially sanctioned by one’s IT department – is on the rise. In fact, according to the aforementioned survey, 78% of companies across the globe have failed to control the applications and services that their employees are using. This is a problem.
Mobile device management tools can be used to monitor tablets and phones, ensuring that only IT-sanctioned apps are accessing corporate data on these devices.
Generally speaking, all applications and systems on the corporate network should be available, up to date, and secure. It is important that IT personnel can flag all shadow IT, as these non-sanctioned apps can jeopardize network security.
In addition to identifying shadow IT, an adequate UEM solution can also automate server maintenance and patch management, ensuring that the entire network remains protected at all times.
Host Mandatory, Periodic Trainings for All Employees – Regardless of Position in the Company
Training and awareness programs should not solely be reserved for new employees or non-technical workers. Everyone, including those in the upper echelons of management, should be kept apprised of the latest cyberattack vectors, social engineering campaigns, and ways to keep the network secure.
Cybercriminals often set their sights on C-level personnel because once a privileged account is breached, bad actors can often gain access to sensitive corporate data without being detected. Thus, it’s important that everyone across an organization attend these corporate cybersecurity awareness sessions.
At our company, we go so far as to hold periodic quizzes, providing each team with a “data privacy score.” Much like the administrators do in law school, these scores are made public to everyone at the company – on an internal forum. This is not to embarrass those teams that know less about current cybersecurity trends; it is to ensure that everyone is on the same page.
Attacks have been on the rise in the aftermath of the pandemic. Phishing attacks, in particular, have increased exponentially. In fact, 52% of organizations across the globe reported an increase in phishing attacks due to the pandemic. In North America the situation was even worse, with 58% of North American survey respondents declaring that phishing had increased due to the pandemic. Additionally, 46% of North American respondents said endpoint network attacks had increased, and 37% saw an increase in malware attacks.
All of this speaks to just how important it is to employ a zero-trust framework, identify shadow IT, and host periodic training sessions. These sessions should address phishing and other social engineering trends, popular cybersecurity attack vectors, and security best practices.