Virtualization Technology News and Information
5 IT and Security Shifts for Success in the COVID-19 Era and Beyond

By George Anderson, Director of Product Marketing, Webroot, an OpenText company

At the start of the pandemic, IT teams moved at record speed to enable the shift to remote work. Now, as we move into an extended remote-work reality, organizations need to ensure the initial steps they took are truly secure and sustainable long-term. Afterall, cybercriminals are constantly evolving their tactics and companies need to ensure they are prepared with multiple layers of defense. 

Security leaders should be proactively building a cyber resilience strategy that supports the new normal of distributed workforces. These steps include:

  • Set up a continuous risk assessment to get visibility into data risks. To support a distributed workforce, businesses must review their remote working policies for data protection, as well as security, and be prepared for the variety of different work environments. However, just as one-off training is not sufficient in keeping your staff informed, a one-off security audit does nothing to continuously protect a company long-term.

    Regular risk assessments are the best way to detect a security flaw before it is exploited. Factors like the sensitivity of your business' data, the likely impacts of successful breach, your risk profile and your company's industry, should all guide the frequency of these audits. However, no matter the business, security audits should take place at least annually.
  • Understand the greatest risks and weaknesses in people, process and tech. Employees are still the weakest link in the cybersecurity chain. In fact, the primary vector for malware distribution continues to be phishing attacks, and cybercriminals are always finding deceptive ways to trick employees into downloading malicious code. Businesses need to counter this threat by educating their workforces about identifying suspicious activity.

    Security awareness training is one of the most cost-effective ways of protecting employees from attacks on their devices. Phishing attacks can be simulated and users in need of additional training can receive it at very little additional cost. And when compared to a data breach, the cost of a few licenses for security training is miniscule.

    While cybercriminals are getting better at using evasive tactics to circumvent company firewalls and antivirus software, businesses can counter these tactics with shield technology that detects, blocks and remediates evasive attacks much faster and more effectively than before.These types of innovative solutions stop attacks that elude other endpoint protection solutions.

  • Align budgets to accommodate where the greatest data loss and compromises could occur. While many businesses face pressure to cut costs, it's important to emphasize that cybercriminals will not cut their budgets. In fact, as a World Economic Forum article points out, cybercrime flourishes during times of fear and uncertainty. To stay vigilant, companies must align their budgets to protect its most critical and vulnerable data.

Investing in data security entails endpoint security, DNS filtering and security training for protection at the network and user levels. Data protection encompasses automated, encrypted backup and recovery for endpoints and servers to defend against ransomware, hardware failure, and device loss or theft. Together, these elements of cyber resilience reduce the likelihood of any one cyber setback being catastrophic for your business or clients.

  • Ensure remote devices have multiple layers of proactive and reactive defenses. With workforces more distributed than ever, it is important that employers provide endpoint security for employees' work from home devices. However, keep in mind that when it comes to free solutions, you get what you pay for in terms of protection. Currently, there's the expectation that built-in antivirus solutions are enough for blocking advanced threats. However, multi-layered security is essential to cyber resilience, and IT admins should ensure that any sensitive company data requires a secure VPN connection. Especially with employees connecting on potentially unsecure networks, it's important to guard against snooping for data in transit.
  • Establish a holistic disaster recovery plan. Redundancy is essential for cyber-resilience. Even with the best security measures in place, businesses must consider a scenario where malware circumvents defenses. Since detecting and remediating malware infections can be time-consuming, it's crucial to have copies of files and data for business continuity. To mitigate malware infections and other forms of data loss, be sure to schedule backup with file versioning. The scheduling feature is crucial since leaving it up to users exposes backup policy to human error. Lastly, remember to test disaster recovery practices and procedures to ensure you're prepared for a live disaster scenario.

Businesses must take stock of their security defenses in today's distributed environment, and plan for similar situations in the future. This ensures that IT procedures and processes can be duly updated to avoid future risks being introduced into the organization.


About the Author

George Anderson 

George Anderson has over 20 years of experience in the IT Security industry, including roles at Computacenter (Europe’s leading systems integrator), Clearswift (data loss prevention, email and web security) and now over a decade with Webroot where he oversees product marketing for business security products: Endpoint, DNS and Security Awareness Training.
Published Thursday, September 10, 2020 7:39 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2020>