In light of the rapid change from corporate offices to remote workforces, organisations have been forced to focus on cybersecurity more than ever. Developing a robust cybersecurity framework that cascades throughout the business is paramount to ensuring the remote workforces are as protected as their office counterparts. For most organisations, the cybersecurity foundation starts with simple, yet sensible data protection policies and rules that are consistently enforced. Several examples of easy ways to bolster your organisation’s cybersecurity framework include:
Develop Formal IT Policies and Procedures
Almost every industry has some form of regulatory guidance for organisations to adhere to. Financially regulated entities have items like CIMA’s statement of guidance, vendors and retailers must adhere to Payment Card Industry (PCI), and every organisation needs to be aware of the EU’s General Data Protection Regulation (GDPR). Creating formal IT policies and procedures goes beyond rules for employees to follow when using their work computers – it creates a foundation for the organisation to operate should it need to recover from a disaster or plan for business continuity, how they mange their third-party affiliates and vendors, and how they plan on responding to cybersecurity threats and incidents.
Train Cyber Ninja Employees
*In 2021, nearly 85% of data breaches involved some form of human element to gain entry into a network. Training your staff how to identify threat is key to preventing a cybersecurity incident from occurring. The best training doesn’t happen in a vacuum – the cyber threat landscape evolves constantly, requiring at least annual refreshers for employees to be set up for success. Our cybersecurity team conducts regular End User Awareness Training, along with simulated Social Engineering Assessments to proactively identify areas to strengthen.
Tighten Cloud-Based Platforms
Work from home is rapidly evolving into work from anywhere. With BYOD becoming the norm for more and more organisations, it’s important to employ effective mobile access policies. Spending time to review cloud-based platforms, such as Microsoft Azure and Office 365 controls will help define security baselines to ensure resources are protected no matter where they are stored. Some controls should include the use of Multi-Factor Authentication (MFA), password managers, Conditional Access policies, compliance and configuration baselines, remote management of devices, and identity protection for users and corporate resources alike. Kirk ISS regularly reviews customer baselines during our Infrastructure Audits to uncover gaps in configurations, helping strengthen their cybersecurity posture.
Think Like an Adversary
Regardless of whether you believe that “offense wins games, but defense wins championships”, the truth is there are more attackers than there are defenders in the cybersecurity workforce. *Gartner reports that in 2019, there was a deficit of nearly 65% between roles waiting to be filled and the talent pool of cybersecurity professionals. What does this mean for you? Small to medium business may not have the budget or need for a fully-fledged cybersecurity team to proactively monitor, identify, and respond to threats like large organisations, but the need is there. Kirk ISS has developed a SOC as a Service (SOCaaS) to provide budget-friendly, cost effect methods of providing proactive cyber threat monitoring. In addition, assessments like Network Security Assessments have our cybersecurity professionals simulate hacking activities to uncover vulnerabilities before they can be exploited by the real bad guys.
Balancing Security with Productivity
Cybersecurity has become ubiquitous with the current state of remote work and will continue to be a dominant concern. CIO’s and IT managers will need to strike a balance between driving productivity with the very real need to protect data from an ever-evolving threat landscape. Fortunately, our team of cybersecurity experts can help if you need help deploying any of these best practices to protect your IT systems.
Some of the cybersecurity services we offer:
• Security Operations Centre as a Service (SOCaaS)
• Network Security Assessments/Penetration Testing
• Social Engineering Assessments
• Policy Creation
• End User Awareness Training
• Infrastructure Audits
* 2021 Verizon DBIR (https://enterprise.verizon.com/resources/reports/2021-data-breach-investigations-report.pdf)