The COVID-19 pandemic has shifted the spotlight back on security issues that organizations have struggled with for years. Workers are connecting to corporate networks from more devices than ever before – but moves to protect, manage and back up the sensitive information in those networks aren’t keeping pace.
The problem’s getting worse. Studies show the number of connections spiked suddenly during the pandemic, as workers handled more mission-critical tasks from remote locations. Rogue shadow IT continues to intensify year after year. IT departments, already stretched thin by pandemic-related layoffs, are scrambling to do more with less at a time when threats are getting more serious.
That’s not all. Workers are not only hooking up more laptops, tablets and phones to give themselves more work flexibility – they’re getting sloppier about the way they manage the connections under their control. They’re replacing devices more quickly than they used to, upgrading phones every year or two. But consumers don’t always wipe their old phones clean when they give them away, sell them or trash them. The data from that confidential presentation doesn’t go away by itself.
Hackers are watching this trend closely – and capitalizing on it. Rather than storm a corporate network with a Game of Thrones-style, all-out attack, hackers prefer to find an unguarded endpoint, slip into a network, poke around and pilfer assets quietly without setting off any alarms.
It’s time for organizations and workers themselves to step up. They need to protect data, and ensure it’ll be there for future use, by backing it up. But it can’t stop there. Backups have to be part of a larger security strategy that includes things like two-factor authentication and more dedicated use of VPNs. As they say, “If you connect it, protect it.” Here are four key cybersecurity strategies businesses and employees can deploy to protect and manage devices and data in an era of ultra-connectedness.
Be Strategic About Remote Access to Information
This is priority one for IT departments – especially with remote work promising to play a bigger role in the future. Equipping corporate networks with VPNs for sensitive data is a good start. Just as important, though, is the follow-through. Sophisticated role-based management tools can enable employees to work productively while also blocking them from accessing information outside of their assigned areas or sharing strategic documents. Train employees in the do’s and don’ts of accessing information remotely, and regularly review your strategy to ensure it’s meeting your corporate needs.
Manage Devices ‘From Cradle to Grave’
Too much sensitive information is sitting on vulnerable devices, just waiting to be had. IT departments need to take the lead on any corporate-issued phones and laptops – equipping them with security features and wiping them thoroughly before issuing them to a new user. This goes for loaner devices, as well. Workers connecting to network information need to do their part, too. Delete any old corporate emails from home devices, and, before selling or destroying a device, make sure to purge any materials stored on it.
Use Encryption and Two-Factor Authentication
Security breaches are all too common – and most are preventable. Basic steps, like encrypting sensitive documents, can protect consumers from disaster scenarios where customer data, or a highly classified report, inadvertently falls into the wrong hands. Passwords provide a moderate level of protection – and, if they’re updated regularly and managed properly, they can do the job. But if you’re accessing important information that could compromise the company in any way, equipping all private devices with two-factor authentication is a better option.
Double Down on Information Diligence
Phishing forays aren’t new, but they’re still dangerous. In an era where corporate assets are increasingly at risk, and hackers are waiting for that one opening to slip through, it’s important for workers to be more diligent than ever. IT departments can circulate reminders and conduct periodic trainings that encourage basic cautions like: don’t enter credentials online, don’t click on documents from unknown sources and, when in doubt, contact IT. Keep the time-tested slogan in mind: “Trust, but verify.” You don’t want to find out the hard way that a communication isn’t what it appears to be.