
By Richard Menear, CEO at Burning Tree

For years, organisations have been trying to get to grips with cyber security and figure out how they can protect their systems and network from a breach.

Because the world of cyber security is constantly evolving — with new threats emerging every day — this can be a relentless task. The challenge has only intensified thanks to the coronavirus pandemic, which has seen a mass exodus from the office and employees forced to work from home.

Whilst there was initial optimism that this would only be a temporary solution, it seems remote working is here to stay. Many companies are choosing to keep staff at home for the foreseeable future — reluctant to risk bringing employees back for them to have to pack up and leave again.

However, after ironing out any teething issues, companies have also realised the myriad benefits of this flexible way of working and many organisations — including both large corporates and smaller businesses — have made the decision to introduce a permanent work-from-home policy.

But what implications does this permanent switch to remote working have for cyber security?

Maintaining control

With employees working from home, organisations have far less control than they would in an office environment. They cannot control an employee’s home, who has access to it, who can listen to conversations or even how an employee is accessing company data.

In an ideal world, IT teams should be able to trust their staff to do the right thing. However, that is, unfortunately, not always the case. Rules get thrown out the window when employees are away from the watchful eye of IT, meaning they are more likely to engage in risky behaviours that can leave companies vulnerable. For example, if security policies impede their work, they are likely to seek workarounds.

Whilst not a direct threat to security, poor staff wellbeing can also contribute significantly to misuse, abuse and mistakes, any of which can result in a security compromise. Social care and mental health can become a serious issue for some employees who struggle with isolation. Many employees will be working much longer hours with fewer breaks — and potentially failing to eat as well or get sufficient exercise. As such, companies should consider working with emotional support organisations, such as the Samaritans, to deliver communication around health and wellbeing to staff.

This inherent loss of control means companies must adopt a zero-trust approach to cyber security. Zero trust is based on the principle that every user, device, service or application is implicitly untrusted and will only gain a least-privilege level of trust (and the associated access entitlements) once it has gone through a robust Identity and Access Management (IAM) process.

No ‘quick fix’

As working from home becomes an accepted practice in today’s business environment, organisations will need to introduce additional security controls to protect systems, networks and vital assets.

Communication, education and awareness are still the most powerful methods for securing company data. Employees should be told what is expected from them when it comes to remote working and the part they play in protecting company information.

Working on the principle of ‘strength in depth’ is also key. Conditional and contextual access management (including privileged access controls) has to be the first security measure businesses implement. This will ensure that only the people with the appropriate access level and from the right location can view, share and alter company resources.

Network segmentation and zoning are also necessary to protect core systems and critical assets, whilst guaranteeing that employees can access the information they need and carry out tasks as required — with minimal disruption.

Other controls include encryption, multi-factor authentication and enhanced network access controls such as secure VPNs. With organisations increasingly embracing the cloud to facilitate remote working, companies can also use a cloud access security broker to monitor all activity and enforce security policies. Equally, Security Information and Event Management (SIEM) solutions can provide real-time analysis of security alerts generated by applications and network hardware.

However, perhaps the most critical action is to take regular back-ups and store them away from the core network — either completely offline or using a cloud backup solution. This will ensure business continuity in the event of a breach or network failure.

At Burning Tree, we have helped customers understand the impact of remote working on cyber security. To find out more about our consulting services and how we can assist with managing risk in the ‘new normal’, get in contact today.
