Businesses have done a phenomenal job to keep going throughout Covid to keep people working from home, and at the same time building in those layers of security as they go. However, as this new norm sets in, there needs to be more security in place for the post covid world.
Working from home needs additional cyber security post covid
With people working from home, it is important to realise that there are now layers of security your company can’t easily control. Although there has been an inherent layer of security during covid because people have had to work at home, rather than working out and about in cafes and public places.
We recommend giving guidance on these issues to staff as they may not realise that their homes aren’t as safe digitally as they might think they are. Training helps, and it is essential. It’s also essential for organisations to undertake risk assessments of their new agile/remote working environments.
Things you should be considering:
Home environments are a business environment
If you want to breach a corporate network, then you seek out the weak links. People themselves, and home networks/devices are without a doubt weak links that need protecting.
Review your remote working environments
It’s essential that security risk registers and controls are revisited regularly. It’s also important to perform regular penetration tests.
Are the roles now paperless?
Do we need collection of classified documents for shredding?
We are sharing screens more
We need to be cautious about what we are inadvertently sharing.
The use of smart speakers and technology at home
We all know of Alexa, but there are hundreds of varieties. They are all managed by different countries using different clouds. They are recording all the time. IoT and AI are likely to further erode the privacy and autonomy of users.
Avoiding successful attacks and creating better cyber security post covid, the short answer…
Before you hide, go seek!
The biggest key to it all: do you know where all of your data is?
Layer it up
It’s essential that you rely on all 7 layers of cyber security post covid. You can’t just have one control to stop a threat, just as having antivirus software will not protect you from getting a virus. The same way locking a door won’t stop someone burgling your house. It’s best to apply the Swiss cheese model of risk management.
It is much cheaper to get your security layers in there first. The layers don’t need to be expensive, just suitable, with good architecture.
Your data, particularly sensitive data, needs to be protected whilst traveling over non-corporate networks and whilst at rest – sat on a server, the cloud, a mobile or on a laptop.
Work with what you’ve got
Most companies, even big ones, don’t have the budget or endless resources to do everything, the key is optimising what you have got. A simple one, privilege management – what are the entry limits to your digital technology?
Know your risks
It’s essential for all businesses to have a risk register, however large or small. If you don’t know all the risks your organisation faces, how can possibly ensure you are protected against them? It’s negligent to not do so. It’s important that board understands and signs off risks, and doesn’t just leave it to IT. Ask yourself what are your risks to cyber security post covid.
It’s essential that you monitor all network attached devices for anomalies. If you aren’t looking you aren’t going to see a breach until it’s too late. Many organisations don’t know they’ve had a breach until months after.
Business Continuity has been put to the test
Covid has made us test all major categories of business continuity. A few years ago, we’d test things like ‘building unavailable’. Businesses have been put into the real-life working situation of no building available, no public transport, fewer staff numbers and sick and absent staff. We have been hit with all the major categories of business continuity at the same time.
A shortage of senior cyber-security professionals
However, with a global shortage of senior cyber-security professionals, coupled with the prohibitively expensive costs of retaining a full-time, dedicated expert, many businesses may struggle to access the appropriate level of support required.
QuoStar designed the CISO Service to address this problem.
Businesses get access to a dedicated Chief Information Security Officer who will provide senior security leadership and take responsibility for identifying, controlling, and managing risk. Making sure the business’s security posture is strengthened.