Why you need a post-COVID security health check
- Posted on August 9, 2021
When the pandemic struck back in early 2020, everything changed overnight. Organisations scrambled to adapt to the new world of remote working, often at the expense of security. CISOs and security chiefs, usually the first to say ‘no, you can’t do that – it’s a security risk’, had to say yes to everything just to keep their organisations running.
Company codes were re-written, security policies were transformed, and user privileges re-assigned and re-defined. Laptops were issued, desktops taxied to homes across the country, and employees started using their own unmanaged personal devices for work.
Assessing your post-COVID security posture
In the rush to give remote workers the digital breathing space they need to stay productive, security protocols have been relaxed. But almost every organisation must admit that it couldn’t possibly have kept track of every security change. There are simply too many variables. And that means we’ve run the risk of creating security loopholes that might only become apparent many months later.
But what kind of changes? It could be giving external contractors access privileges or opening up internal apps to wider use. Or adding modern authentication and conditional access policies without disabling basic authentication and legacy protocols, leaving you open to password spray attacks. Or forgetting to change passwords or tighten up device management protocols.
It’s all too easy to lose track of what’s been altered. It’s the kind of opportunity cybercriminals rely on: when security rolls back, hackers leap forward to test your weakest attack vectors.
It’s the right time to thoroughly assess your security – especially as cybercrime levels rocketed during the pandemic. Email scams increased 667% and RDP brute-force attacks grew 400% in the months following March 2020. According to IDC, 58% of firms believe they are now vulnerable to a serious cloud breach.
One company we spoke to discovered that 80% of its laptops were either no longer reporting back to their endpoint security management system or hadn’t received the latest patches. That’s 4 out of 5 laptops lost or insecure!
This isn’t an isolated case – it’s happening everywhere. So many organisations have made countless changes in a hurry and quickly lost track of what the changes were and how they impact security.
It got us thinking: is any CISO or security chief 100% sure of the changes they’ve made during the COVID emergency and how security might be affected?
Don’t leave holes in your security posture – get a security health check
To help you boost your security and identify potential weaknesses, we’ve created a 4-day Security Health Check. For the price of a high-end desktop workstation, we’ll help you identify security weaknesses and explain how to fix them. It’s a sensible, worthwhile investment that represents incredible value.
We analyse your security to ensure you have the important bases covered. We’ll spend two days on-site assessing your workplace security procedures, your approach to zero trust, your current security roadmap, and your core business drivers – such as moving to Microsoft 365 or Teams, for example.
We then spend an additional two days offsite to collate a report and actionable recommendations. The health check deliverables include:
- A comprehensive set of security and security strategy recommendations.
- Expert advice to help plug the gaps in your security and reimagine your security strategy.
- A proposal to target C-level audiences for approval and investment.
- Guidance to help you optimise existing Microsoft security investments.
The Security Health Check will also help you build a sound security strategy. An up-to-date security strategy, spanning governance, reporting and compliance is nothing less than vital. If a breach happens – even if data is compromised – it’s essential that solid reporting and compliance practices are in place.
Security is in our DNA
Avanade was named Microsoft’s 20/20 Zero Trust Champion winner of the year and is the expert in securing your Microsoft and hybrid ecosystems. Our security services provide a holistic approach through advisory, implementation, and managed services to protect your business now and in the future.