No one is immune to cybersecurity attacks. When it comes to cybersecurity, it’s always about mitigating risk — pandemic or not. As more and more companies embrace a fully virtual model, we face a new set of security challenges and a heightened awareness of the need to maintain a secure virtual work environment. Here are five cybersecurity best practices I highly recommend for those working remotely.
1. Embrace a Zero Trust Model
Being highly vigilant is the best thing you can do to ensure a secure environment. Think of yourself as a door hackers are trying to open in order to access private information. Pay special attention to any emails, phone calls, or odd requests you receive. Don’t click on anything suspicious that you’re not familiar with. Consider working with your IT team to implement security measures to block spam messages. You are also encouraged to use a VPN when accessing company email or client data on wireless networks. Apply the recommendations you learn in security training; they contain important information and tactical insights to protect data and ultimately your organization. Get up to date on your organization’s incident response plan or develop your own. Have a plan for when something “fishy” occurs. If you suspect something is off, notify your IT team immediately. Having such a plan forces organizations to establish policies and identify the tools required for responding quickly to a triggering event.
2. Work With Providers Who Share Your Zero Trust Model
Developing a zero trust model internally is in your control. However, when working with technology providers, you have to be sure that they share your vigilant mindset. Do they embrace a zero trust model? Do they provide a completely secure environment? One way to gauge their level of commitment to security is to see if they meet compliance standards and frameworks. Seek out and only work with technology providers whose security certifications meet these standards. Two examples of accreditations that instill confidence are ISO and SOC. ISO 27001:2013 provides a set of standardized requirements needed to establish, implement, monitor, operate, maintain, and improve an Information Security Management System (ISMS). The SOC (System and Organization Controls) 2 Type II attestation, on the other hand, is a series of standards designed to help measure how well a given service organization conducts and regulates its information. Both the ISO and SOC standards provide peace of mind for organizations seeking to engage with third-party vendors. This infographic outlines the different levels of security and certifications that are considered best practices.
3. Embrace Secure Cloud Technology
Cloud technology is considered much more secure than on-premises options, but not all clouds or cloud providers are created equal. Some providers don’t go through the hassle of securing their own certifications at the company level; they simply rely on the certifications of the public cloud subscription they use. This creates a gap in security. Make sure whoever you choose complies with high security standards and has the certifications to prove it. The SOC 1 Type II and SOC 2 Type II attestations both address security at the company level. SOC 2 assures the confidentiality and privacy of information processed by an organization’s system. FedRAMP is another prestigious cloud security certification that can speak to a company’s dedication to the best security practices available. Keep in mind that certifications also need to be renewed on a regular basis; seek out the latest versions, and don’t settle for those that are outdated.
Working with cloud providers that go the extra mile to certify their environment can generate great benefits for your organization. Secure cloud capabilities not only improve access from anywhere, but they are also easily scalable. Agencies that embraced cloud technologies prior to the pandemic transitioned easily to remote working. By working with a secure cloud provider company-wide, you are reducing the risk for everyone in your organization.
4. Exercise Safe Cloud Practices
When working with a cloud-based solution, it’s essential to know that the provider implements policies, technologies, authentication, and encryption that strengthen your security position. By working with secure cloud providers, you can be assured that extra security protocols are being outsourced to specialists who stay up to date with the complex and quick-changing landscape. Their team of experts enforces best security practices to help protect your data and infrastructure from potential threats.
For organizations that have already implemented cloud technologies, it’s essential to exercise safe cloud practices. Embrace cloud technology cautiously: assess vendor risk, give end users continuous security training, and give privileged users special training. Additionally, you should always keep your computer up to date with security patches, be aware of vulnerabilities in web conferencing software, and be on the lookout for potential phishing campaigns. With new challenges and stresses due to COVID-induced situations, people are more likely to make mistakes they wouldn’t make under normal circumstances, and hackers know this. Keeping these practices top of mind can help filter any potential threats.
5. Limit Your Data Movement
Many organizations use multiple tools for certain workflows where they have to export and import data from tool to tool. Moving data is inherently risky — particularly when the data is from a client. With every movement of data, such as to and from a hard drive or thumb drive, or over a network between any number of machines and devices, there is an opportunity for something to go wrong. There is a chance of data getting lost or stolen, ending up in the wrong hands (inside or outside the organization), getting hacked by parties with malicious intent, or becoming compromised or corrupted. It’s much safer to keep all your data in one tool or as few as possible.
Secure organizations are able to operate virtually and protect themselves from persistent threats. Working securely means adapting to “new normals” that are constantly changing. For the benefit of your and your organization’s security, it is important to follow these best practices and to engage vendors who hold the same high standards.
For more information on what a secure technology provider adheres to, check out this Security Brief.