Digital innovation can offer many distractions to a business leader and this plays right into a cyberattacker’s hands. Alain Penel, Regional Vice President – Middle East, Fortinet, discusses how remote working can be made safer and some of the ways to avoid creating security gaps when new technology is introduced to a network.
Today’s workforce is increasingly comprised of millennials and tech-savvy individuals that are accustomed to using technology in every aspect of their lives. As a result, remote employees expect a seamless user experience across devices and locations, using personal applications and devices at work and vice versa. However, many times these employees are not considering the cyber-risks that may accompany bringing new technology into the corporate environment. The resulting security challenges have become a major pain point for organisations.
Along the way, cybercriminals are hoping that organisations will be too busy thinking about the business advantages of digital innovation to prioritise the cybersecurity components of that process. And they are watching and waiting to exploit any of the security gaps created when new technology is introduced to the network.
Addressing cyberthreats from all angles
To improve their defences, it is important for organisations to create a security-driven networking strategy from the ground up that automatically expands into any new networking environment, application strategy, or device deployment. Saving security matters until after the network has been developed only increases the odds of new security gaps being introduced and a resulting cyberattack. To prevent this from happening and to create a security-driven network, here are seven best practices that organisations can follow to better secure their digital innovation efforts.
1. Prioritising cloud security
Organisations need to remember that cloud providers only secure the underlying architecture of a cloud environment, not the data itself. An organisation’s responsibility lies in protecting the data and the applications that are moved to the cloud, along with any virtual infrastructure that they build there. Cloud security can be complex, so choosing a trusted vendor to help design, build and maintain consistent security across your multi-cloud environment, and tie it back into core, branch and mobility security architectures with a single console for holistic visibility and control is extremely important.
2. Use Zero Trust access protocols
As many data breaches are caused by individuals gaining access to unauthorised levels of network resources and devices, Zero Trust combined with strict access control is critical. To better secure those network environments even further, security teams must also introduce two-factor authentication and implement dynamic network segmentation to limit who sees what while also carefully monitoring devices.
3. Stay up-to-date on privacy laws
Massive penalties await those who violate the EU’s strict data protection regulations (GDPR). With new privacy laws on the books across the globe, including California’s new California Consumer Privacy Act which went into effect on January 1, 2020, it can be easy to go astray. Organisations should look for security tools that will offer guidance on remaining compliant amidst digital innovation.
4. Monitoring web presence
As cybercriminals continue to target vulnerable websites, security teams must take additional steps to ensure their websites and web applications are able to stand up against these threats. This includes securing SaaS apps, deploying web app firewalls and implementing Cloud Access Security Broker (CASB) solutions and endpoint security tools for mobile users. Organisations should also only choose solutions that are designed to function as an integrated system for seamless coverage and no security gaps.
5. Securing apps
Software developers who build the apps used across organisations do not always prioritise security, especially in third-party apps that are typically installed on personal devices. For these types of apps, organisations should deploy endpoint security tools, while for in-house app development, be sure to leverage security tools throughout the development process, including container-based solutions designed for agile development strategies and DevOps teams.
6. Strengthening wireless connections
Working remotely is becoming more common, with employees going online from home, coffee shops, or on the road. While this can help productivity and efficiency, organisations must be sure that these devices are connecting from secure access points. When using public Wi-Fi, cybercriminals can intercept data running between the end-user and the organisation – a risk that can be minimised by encouraging the use of VPNs and deploying wireless management solutions.
7. Extending security to remote locations
In addition to securing connectivity to and between remote locations, organisations must also take care to secure and manage the local branch LAN as well. With no on-site IT staff, these locations need a simple, comprehensive solution that secures a wide variety of traditional and IoT on-site devices, such as that provided by an SD-Branch solution.
Digital innovation is a business-critical priority, but if cybersecurity is not rolled in from day one, organisations will leave themselves and their employees open to serious cyber-risk. Remote working needs to be made safer for employees who should be provided with the appropriate tools and devices that are part of the network perimeter. Often those who work from home or remotely ignore the basic rules applied by the company, starting with adhering to the minimum cyberhygiene rules such as updating the operating system, using an effective antivirus, strong passwords and backing up data regularly. At the same time, companies must have structured polices in place for remote workers, that must be adhered to.