As workforces expand to include remote employees, contractors, and vendors, organizations in every industry have security concerns over the best approach to protect and secure their corporate data and intellectual property. If a medical organization loses records to hackers, or if patient information goes out through a mistuned application, the organization is potentially liable for what happens. Meanwhile, users connecting to the network and accessing resources do not want to feel as though their productivity is being scrutinized and their activity is being spied on while working. When navigating this new era of remote management, both viewpoints are legitimate. Employees need to feel trusted, and at the same time, organizations must execute processes in order to monitor systems and ensure data remains secure.
Realistically, what is the right approach? How can organizations find a balance between data protection and personal privacy? Often, organizations overlook standardization when conceiving strategies for their cybersecurity practice. Even for performing the most basic actions, establishing safe and efficient processes enables organizations to enforce a consistent way of providing IT Security.
There is a new application in the marketplace called Tattleware. It gives employers the ability to control an employee’s microphone and camera so that they can monitor and see whether their remote employees are working or doing something else. If organizations are looking to create a sense of trust, this technology might seem like an overreach on their part because it gives the impression that the organization is always digitally watching over the shoulder of their employees, scrutinizing their work, anticipating a slip-up, whether unintentional or not.
Education Backed by Technology
In the last year, the work-from-home model has accelerated, and although IT has done an excellent job of hardening their systems, securing devices, and protecting networks, hackers have gotten smarter. Because IT has locked down the perimeter, hackers have adjusted and adapted their strategies. Currently, they have found more success gaining network access by taking over somebody’s machine.
How is this done? Users must be tricked into clicking a deceptive link and loading the malicious software. The link, commonly sent via email, text message, or a TinyURL in a text, can be disguised as an advertisement for a great sale or a message that their bank account has been compromised. If the user is unaware of the ways to identify such tactics, the click can cause a breach that compromises the system. In this way, hackers have gained access to banks, social media platforms, and corporate applications. Think about it from a marketing point of view. An organization sends out a million pieces of literature with the expectation that a 3 or 4% return is a successful campaign. For a hacking campaign, all that is needed is one person clicking on the link and dropping the code into their machine.
IT Security starts with education and is backed up by technology. First and foremost, organizations need to embrace cybersecurity awareness training. It teaches users how to recognize key identifiers of malicious links they might encounter while working. This helps users verify that a link is safe before clicking on it. In addition, with email filtering and the ability to test links, users receive reminders of how to spot the earmarks of potential threats and email attacks. As a result, an educated user can be valuable in stopping breaches. They can act as a line of defense and provide a fundamental layer of security. Plus, within the workplace environment, security awareness training can boost confidence and trust between employer and employee. If the workforce is educated in process-driven ways of managing their emails safely, then organizations do not need to put in place monitoring tools that open and read private emails.
Above all, the larger philosophical issue is teaching people to take a breath and slow down. In our current work culture, an immediate response is expected, but if a person educated in cybersecurity awareness pauses for a minute and reads carefully, the red flags of malicious activity are apparent. In this way, the human component can strengthen cybersecurity.
On the technology side, patch management is essential for keeping information secure. A clear example of its necessity occurred a few weeks ago when Apple announced an emergency alert for all their iPhones and iOS operating systems. In this instance, Apple notified their user base to update to the latest release because of a vulnerability in their iMessage application. Shockingly, the vulnerability compromised devices without any user action whatsoever. Without the security update, a corrupted image, just a PDF with a malicious payload, could have infected all Apple devices (iPhones, iPads, Macs, and Apple Watches) with spyware simply by being sent to a user.
Besides keeping patches up to date, organizations can employ a Password Manager, which has the flexibility to create complex, variable-length passwords that are stored in encrypted form. It provides a secure vault, and the user only has to remember one master password. For connecting to network resources, a Password Manager is a more convenient and secure option than saving passwords in a browser or writing them down in a notebook. Users can then, in a safer manner, have their passwords automatically populate the login fields for different applications on multiple devices. Getting users in the habit of using standardized processes is a core challenge of enforcing consistent IT Security practices. In many cases, browsers store passwords with little or no encryption on the device, making them prone to compromise. As for keeping passwords in a notebook, it might seem improbable, but many workstations and devices are left vulnerable in this way. By simply searching around the user’s desk, it is common to find their list of passwords. Ultimately, such exposure and preventable risk can impact the organization, causing severe financial damage and brand harm.
If your organization is looking to develop an effective cybersecurity strategy, reach out to Flycast Partners. We can help you move forward with these changes in a relatively easy way. Flycast Partners recognizes the need for our clients to protect their IT environment. This is one of the reasons we have expanded our selection of IT solutions to include tools that reinforce and enhance IT Security.