Over the past decade, technology has made remarkable advancements in speed and connectivity. Having significantly altered how we live, work, transact, and communicate, the dawn of this new era has introduced the trend of an increasingly dispersed workforce. However, with it, the organisation’s cyber-attack radius has expanded as many devices and locations have become part of the new work environment.
Before the pandemic, it was easier to ensure compliance (with policies) because everyone was working from the office, which was a more controlled environment. However, now cyber-attacks can happen from anywhere, as access to company information and systems is no longer isolated to office locations; even employees’ home networks can encounter malicious remote access attempts. Hence, while hybrid work grants more flexibility and autonomy to employees, it also creates an avalanche of concerns about data security for businesses. Thus, we must move towards a Zero Trust framework, which allows us to restrict access controls to networks, applications, and devices without compromising flexibility and productivity.
As organisations increasingly invest time, energy, and money to improve cybersecurity for business resiliency and continuity, the following proactive measures should be implemented that can help enterprises reduce operational costs by preventing downtime, data loss, and financial loss, and protect them from the cost of repairing damage to their reputation.
Cybersecurity – a shared responsibility
With employees spending more time working remotely, organisations must ensure that systems, data, and vital digital assets are safe. For organisations to thrive in the current era of hybrid work, “all hands- on deck” is a pre-requisite. This means that every employee of a company needs to be educated about cybersecurity, constant monitoring of threats, and quick response protocols.
Enlisting everyone’s participation in cybersecurity is to boost an organisation’s security posture, not to pass on the burden. Even an organisation’s culture needs to support cybersecurity by making unsafe behaviour unacceptable.
Curating a cybersecurity checklist
Creating a robust security strategy is peremptory and characterised by features such as detecting risks early and incorporating risk mitigation options immediately after that. Shaping out such a strategy begins with the quantification of risks and the prioritisation of vulnerabilities. It should be the blueprint for an organisation to guide stakeholders as the business environment evolves, with the ultimate goal of protecting data from being stolen, manipulated, or encrypted.
Besides, securing the IT infrastructure is of paramount importance. The multitude of connected devices prevalent across organisations today should also be secured and continuously monitored. Creating and maintaining (with the use of automated tools) an inventory of every network device, user, and application on the company’s network and establishing timescales to maintain them by performing regular updates should be the chosen way ahead. Using vulnerability control strategies like performing regular scans of the company’s infrastructure to look for vulnerable applications/devices and plugging them at the earliest, deploying firewalls and intrusion detection protection to safeguard internal networks from unreliable external networks are some steps that will help in sealing off cyber-threats.
Most importantly, access management should be based on the Zero Trust Policy and Least Privilege principles. Zero trust operates on the philosophy of always authenticating the user or device before granting access. Along with basic security hygiene, a Zero Trust security strategy protects our digital estate by applying a “never trust, always verify” approach. In line with this policy, every user, device, or access request should be verified regardless of location (on-site or off-site). Additionally, the principle of least privilege (POLP) refers to providing the least access to the users. Similar to using parental controls on devices to protect children from accessing harmful content, this information security concept restricts the user’s permissions to only those activities necessary to their job. It is one of the best cybersecurity practises to protect privileged information.
These protocols, in unison, can not only limit user and work device access rights to authorised applications and resources but can also reflect which applications and resources an employee has gained access to and reconfirm authenticated use of the same. This enables organisations to maintain higher safety standards and curb the extent of a security breach.
Today, as organisations are experiencing enterprise-scale improvements by harnessing the power of a hybrid work culture with reduced security risks, in order to continue this growth trajectory, cybersecurity should be understood and implemented rather than spoken about!
The author is Chief Digital Services Officer at Tech Mahindra.
Disclaimer: The views expressed are solely of the author and ETCIO.com does not necessarily subscribe to it. ETCIO.com shall not be responsible for any damage caused to any person/organization directly or indirectly.