Covid-19 has forced every organisation to review the way that they operate. Having to introduce distance to interactions, and rely on technology, has added additional strain for many. Tech Republic reported that 46 per cent of businesses have experienced at least one security incident since the start of the crisis. This is an alarming statistic, highlighting that Cyber Security should be of paramount importance as we move towards a new way of working.
Maintaining a strong security posture is essential, but it can be difficult and organisations often don’t know where to start or how to identify areas for improvement. Organisations of all sizes must handle the securing of their networks, in line with sector and technology specific regulations, and manage teams that are more dispersed than ever before.
To support companies working through this, we are in partnership with Alert Logic to deliver a broad range of Cyber Security solutions. From initial Discovery Services that are focused around providing better visibility and intelligent management, to full Managed Detection and Response Services, we’ve combined our specialties to help secure companies end-to-end.
- Securing your networks
24/7 visibility across your network is vital. As a result of using the right technology for Cyber Security, managing your network becomes easier because you can see all end points, address the most vulnerable areas and detect threats in real time. The difficulty comes in managing these technologies. Deterring today’s threat landscape is a 24/7 task, and most breaches occur outside of regular office times. If you aren’t running a 24/7 security operation, you’re putting your IT estate at risk.
It shouldn’t be forgotten that your organisation’s network also includes your supply chain. To secure your company’s future, you need to be able to trust your suppliers. In a recent blog by the National Board of Corporate Directors, two key pieces of advice were to review contracts, suppliers and customers, and to assess those in the value chain. This will support aligning to insurance coverage, flexible cost management and show where multiple or alternative suppliers are necessary to keep your organisation going. Ensuring your technical and supplier networks are secure will ensure your operations aren’t disrupted.
Many sectors have regulations and standards that must be adhered to. For example, for Finance Teams there is MiFiD II and Making Tax Digital that must be complied with. The UK Government has postponed the changes to IR35 to 2021 in light of the current situation; however, it will still need to be prepared for. The Legal Sector, Public Sector and Healthcare organisations also have to consider operations and procurements against strict guidelines, including data protection rules such as the General Data Protection Regulation (GDPR). Even though the current situation triggered quick decision-making, procuring services, building partnerships and day-to-day operations still need to happen with compliance in mind. Without doing this, companies could begin to rise out of this downward struggle only to be fined.
On top of this, there are specific Cyber Security frameworks that are advisable to adhere to, and Cyber Security compliance mandates to follow. As explained in this Alert Logic blog, the National Institute of Standards and Technology (NIST) has released its Cyber Security Framework as a way to assess risk, whilst retail and e-commerce organisations are bound to the requirements of PCI DSS. Together with Alert Logic, we are committed to helping you work with NIST guidelines and apply them to your operations to the best effect. Our expert service and industry-leading security tools are here to help you.
Within the topic of compliance, it must be mentioned that not keeping on top of technology updates can cause you to run at risk. Using old tech often means less support is available if problems occur, and with aging IT, you are even more vulnerable. Your organisation deserves better.
- Remote working
Where possible, organisations have moved to remote working, or at the very least, distanced working. Technology has been the biggest enabler of this. Looking to the future there are strong indicators that businesses will have many employees working from home permanently. The course of the past few months has drawn attention to the technical skills and training of workforces. Now, more than ever, the ‘people’ element of security is vital to maintaining a strong posture. Threat management and constant vigilance are key for ensuring Cyber Security in this situation. Recently, Cyber Security vendor BitSight estimated that some malicious software is 20 times more frequently present on home networks and the 2020 Data Breach Investigation Report by Verizon showed email links as the top Malware vector, even before Covid-19, and since then the vector has continued to soar.
Basic, yet essential, measures you can take to immediately reduce the risk of remote working include:
- Remind users to be suspicious of emails from unknown sources, and to not open file attachments or click on links. Stress the fact that cybercriminals will seek to capitalise on the current chaos and make sure people know to exercise extreme caution with any email that asks for credentials or other sensitive information.
- Make sure that computers — whether company-issued laptops or personal home PCs—are patched and updated against the latest threats.
- Verify that the devices used to connect to network resources or access company data have endpoint protection.
- Emphasize to employees the importance of ensuring their home Wi-Fi router is not using the default password, and that they should use a unique password for connecting to the Wi-Fi network.
- Ensure that workers connect to the company network and sensitive data through secure means, such as a Virtual Private Network (VPN) connection, and remind them to store data on company-sanctioned Cloud storage platforms.
Your employees need to be aware of what to look for, and be confident in handling suspicious emails. This awareness and confidence should come from the education and support that you deliver to them, not only through these uncertain times, but always.
These three considerations are vital to the running of your organisation, but they require a lot of thought and work. Such complexity can be simplified by working with an experienced partner. Choosing a specialist partner engages your teams with the expertise and support they require to ensure your organisation remains secure. Wherever your workforce is based, our Cyber Security Services can be tailored to your business. We're here if you’d like to have a basic conversation around your current security posture, and the measures you can put in place to enhance your posture during and beyond these times.