The COVID-19 pandemic has shifted the spotlight back on that pesky security issue that organizations have struggled with for years. Workers are connecting to corporate networks from more devices than ever before – but moves to protect, manage and back up the sensitive information in those networks aren’t keeping pace.
The problem’s getting worse. Studies show the number of connections spiked suddenly during the pandemic, as workers handle more mission-critical tasks from remote locations. Rogue, shadow IT continues to intensify year after year. IT departments, already stretched thin by pandemic-related layoffs, are scrambling to do more with less at a time when threats are getting more serious.
That’s not all. Workers are not only hooking up more laptops, tablets and phones to give themselves more work flexibility – they’re getting sloppier about the way they manage the connections under their control. They’re replacing devices more quickly than they used to, upgrading phones every year or two. But consumers don’t always wipe their old phones clean when they give them away, sell them or trash them. The data from that confidential presentation doesn’t go away by itself.
Hackers are watching this trend closely – and capitalizing on it. Rather than storm a corporate network with a “Game of Thrones”-style, all-out attack, hackers prefer to find an unguarded endpoint, slip into a network, poke around and pilfer assets quietly before setting off any alarms.
It’s time for organizations and workers themselves to step up. They need to protect data and ensure it’ll be there for future use by backing it up. But it can’t stop there. Backups have to be part of a larger strategy that includes things like two-factor authentication and more dedicated use of VPNs. As they say, “If you connect it, protect it.” Here are four key cybersecurity strategies businesses and employees can deploy to protect against and manage the growing issues posed by the era of ultraconnectedness.
Strengthen your remote access strategy
This is “job one” for IT departments – especially with remote work promising to play a bigger role in the future. Equipping corporate networks with VPNs for sensitive data is a good start. Just as important is the follow-through. Sophisticated role-based management tools can enable employees to work productively while also blocking them from accessing information outside of their assigned areas or sharing strategic documents. Train employees in the do’s and don’ts of accessing information remotely, and regularly review your strategy to ensure it’s meeting your corporate needs.
Manage devices ‘from cradle to grave’
Too much sensitive information is sitting on devices waiting to be had. IT departments need to take the lead on any corporate-issued phones and laptops – equipping them with security features up front and doing thorough wipe-downs before issuing them to a new user. This goes for loaner devices, as well. Workers connecting to network information need to do their part, too. Kill old corporate emails from home devices, and before selling or destroying old models, make sure to purge any materials stored on them.
Use encryption and two-factor authentication
Security breaches are all too common – and most are preventable. Basic steps like encrypting sensitive documents can protect consumers from disaster scenarios where customer data or a highly classified report inadvertently falls into the wrong hands. Passwords provide a moderate level of protection – and, if they’re updated regularly and managed properly, they can do the job. But if you’re accessing important information that could compromise the company in any way, equipping all private devices with two-factor authentication is a better option.
Doubling down on diligence
Phishing forays aren’t new, but they’re still dangerous. In an era where corporate assets are increasingly at risk, and hackers are waiting for that one opening to slip through, it’s important for workers to remind themselves to be more diligent than ever. IT departments can circulate refresher notes and conduct periodic training reminding people to exercise basic caution: don’t enter credentials online, don’t click on documents from unknown sources and, when in doubt, contact IT. Keep the time-tested slogan in mind: “Trust but verify.” You don’t want to find out the hard way that a communication isn’t what it appears to be.