Work from home: Rethinking security for a boundaryless world
- Posted on October 20, 2020
- Estimated reading time 3 minutes
How many Internet-connected devices do you have in your home, counting your TVs, your smart speakers and tablets? And how many passwords do you need to remember to log into every single one of your cloud accounts or devices, assuming – of course – you use a unique password for each one?
The reality is that even before the coronavirus pandemic sent millions of employees to the home office, our personal digital ecosystems were already fraught with risk and complexity. Now, as we bring our work home for the foreseeable future, those risks are more urgent and in need of mitigation.
With all that said, here are a few of the most effective ways security leaders are helping to rethink cybersecurity for a new world of working.
Avoid sharing networks with your family and gizmos
Bringing our corporate laptops onto the same networks as our TVs, our children’s phones and smart speakers, is dangerous. It gives hackers the opportunity to target less-protected consumer devices and non-corporate users (like your family) who likely possess far less security awareness than you and your colleagues.
So, what can be done? To start, have employees segment home networks, grouping IoT devices and family devices separately from devices containing business-related data. If possible, give employees a second router solely for work-related data. At the very least, have your colleagues review and strengthen the security settings for all the devices connected to the home network. It’s also a good time to have conversations at home with your family about responsible cybersecurity practices.
No more time to delay zero trust adoption
We’ve written previously about the slow adoption curve of zero trust – a security model based on explicit verification rather than implicit trust. This worrying trend is more relevant than ever, as businesses increase their reliance on contract, part time workers. (Gartner reports that 32% of organizations are replacing full-time employees with contingent workers, as a response to economic uncertainty.)
All of which means security teams need a robust and efficient way to protect data when it is being used, migrated or stored, and the ability to control access to that data. Enabling zero-trust with modern identity solutions is the only viable approach to get all that done, effectively, as most of these workers are going to be outside the old company secure perimeter.
Treat third-party providers like your own
Another security issue this pandemic has brought to the fore is our dependence on the supply chain and our exposure to the short comings of third-party providers. A recent report from the Ponemon Institute found that 59% of all breaches were caused by a failure at the third-party level. While you might be doing everything in your power to protect your own users and data, are you sure your partners and providers can say the same?
It’s now essential for you to gain full view into how your closest collaborators are handling the sensitive information you make available to them. Assess your third-party relationships with the same scrutiny you do internally. What data do they have access to? And what practices are in place to protect it all?
Create urgency from the top down
Knowing what you don’t know can sometimes make all the difference. This is a lesson that security teams can apply to C-level leaders as well as everyday employees. With security breaches making the headlines and the devastating impact to a company’s reputation, security is vital to the business’ long term success. Awareness campaigns across the enterprise and having the board engaged in ensuring accountability are no longer optional as the threats continue to rise and evolve on a daily basis.
Partner up to scale your capabilities – and business
One thing that surprises me about the state of security is just how slow many businesses are to adopt a managed security model. Doing so limits your insights, response speed and effectiveness.
Engaging a managed detection and response provider as part of a managed security solution will help you to detect and resolve cyber compromises, faster and better. Our Avanade security team can work alongside you to give you more insight, effectiveness and agility, while giving your core team the capacity they need to focus on what counts most – growing the business.
In our disrupted world, it’s time for security leaders to rethink their view of where the threats are – and how they can get proactive to stop them. Perhaps nothing will make a bigger impact on the sustainability of our businesses as we reset and renew for a new world of working.Visit Avanade's security page to find out more.