Right now, it may seem overwhelming to look to the future. Everything from how we work, to how our children learn, to how we meet with friends for happy hour has changed, and we are more virtually connected than ever before. For an organization’s IT and security teams, this new normal is incredibly daunting, as they must balance the productivity of employees with delivering the highest level of security across the organization. And for many organizations, the security perimeter is moving beyond the traditional four walls into the homes of many employees.
With so much uncertainty, there are several reliable things you can plan for from a cybersecurity perspective. Here are five you shouldn’t overlook.
- It all starts with protecting your device below the operating system (OS). Deploy an end-to-end security solution that protects the device not only above the OS but also below it, where the PC BIOS lives – the core system deep inside the PC that controls critical functions like booting the PC and controlling platform configuration. We are seeing more and more criminals deploying BIOS-level attacks. According to the Dell Technologies Hardware Security study conducted by Forrester Consulting, nearly two-thirds (63%) of companies have experienced a data compromise or breach within the past 12 months due to an exploited vulnerability in hardware, firmware or silicon-level security. If such an attack succeeds, cyber-criminals can obtain uncontained access to a person’s and an organization’s most important data, a risk no company can afford to take.
- The physical security of your device and data is just as important as the cybersecurity solutions deployed on your device. With many adults working from home for the foreseeable future, printing important, confidential documents from personal printers is becoming more of the norm. But these documents cannot simply be thrown out with your garbage; they must be shredded and properly disposed of in order to protect your company’s information. Additionally, with some companies closing their physical offices permanently, we will see more individuals working from co-working spaces or coffee shops in the future. It won’t matter if you have the industry’s best security software installed on your employee’s device if they leave it vulnerable to prying eyes. Tools like privacy screens for laptops will serve as an extra layer of security for your company’s data no matter where it is accessed. Individuals should be sure that chassis intrusion detection tools are enabled on devices so that if anyone opens the computer’s chassis, or case, Windows will notify the user with a pop-up message the next time he or she opens their device. Physical presence detection tools, like chassis intrusion, are important additions to a security strategy because they send alerts to a system administrator, who can then investigate whether anyone tampered with the computer hardware.
- Move beyond standalone passwords with biometrics, multifactor authentication and digital certificates for added protection. Passwords, which can be easily stolen, are no longer considered a standalone security best practice. Recent improvements in cost and complexity have made biometrics, like fingerprint and facial recognition, ripe for mass adoption. Although we, like many security experts, were a bit wary of biometric technologies originally, advancements in sensor technology and the application of machine learning and artificial intelligence have strengthened the authentication algorithms and eased our concerns. There has also been an evolution around digital certificates, which can be used to secure communication, verify identity and validate the source of authorized software. For situations where standalone passwords are used, organizations should encourage the use of password managers, which create strong, complex and unique passwords for each login a user requires and store those passwords in a secure repository, making it effortless for the user.
- Properly train your employees about smart security practices. The sophistication level of the cyberattacks individuals are facing daily is at an all-time high, and we are seeing an increase in phishing emails, which have become so well masked that even a cybersecurity professional has difficulty telling real from fake. Additionally, with many working on unsecured home WiFi networks and using their work devices for both professional and personal tasks, doors can be left wide open for cybercriminals to gain access to a user’s data. Whether malicious or innocent, an employee’s actions often put their company at a heightened risk. Deploying a security training program, including regular test phishing emails, is an important aspect of a full, end-to-end security strategy. Don’t forget, training is just as important for security operations center analysts and IT admins as it is for any other employee.
- Usability and protection can, and must, co-exist. Although often overlooked, the decisions to purchase, use and maintain security solutions can pose several threats to a company’s security. If tools are difficult to use or they hinder user productivity, it is almost guaranteed a user will disable or work around them and leave the organization at risk. If security solutions are too complicated or time consuming to manage, IT teams will be reluctant to deploy them and keep them up-to-date. Security solutions must be easy to deploy and use, auto-update and patch, and provide low-volume, high-quality information and alerts if they are to be effective for an organization. Use it or lose it, as they say.
Regardless of the situation, the key to successfully deploying any cybersecurity plan will be flexibility. Each organization must assess what tools it has, invest in the future and embrace tools that will adapt with the threat landscape, which can change at any moment. There is no silver bullet for security, but by focusing on the right things, like the five above, you can ensure your organization is off to a strong start today and into the future.