When Covid-19 hit, businesses desperately sort news ways to maintain some sense of continuity, which for a large majority, saw entire business functions move online for the first time ever.
The demand for remote access and technology was on a scale that had never been seen before, so much so, that businesses had little to no time to test and understand how this new technology would impact on their existing IT infrastructure. As a result, cyber criminals have been hard at work trying to exploit the millions of remote workers who have provided new access points to cyber viruses, phishing attacks and malware.
With this in mind, it’s important to ask yourself if your cyber security is still as effective as it was pre-covid? Like a large majority of UK businesses, you may be looking to continue flexible remote work options, but it’s probably safe to say that your current cyber security offering doesn’t meet these new demands.
Time to review…
So where do we start in order to get our security to fall in line with these changes? A good place to start would be an audit of your current security set up. A top to bottom review will help to identify any new, or existing vulnerabilities, with this time offering a unique opportunity to assess your security policies and investments for the future.
Once you’ve completed your audit, it’s time to break down the key areas and address these systematically, this may include;
Personal Devices:
In a bid to overcome lockdown restrictions and a lack of IT resources, employees have been allowed to use personal devices for all manner of work-related tasks, but how secure are these unknown devices?
As a priority, businesses should ensure these devices are all updated, and running the latest versions of their operating system. To do so, a ‘push’ methodology will force new security updates on to a user’s device, rather than relying on users to manually download and install this themselves.
Secure Access:
When it comes to remote working, it’s hard to know who exactly is monitoring your internet traffic. This becomes problematic when remote employees need access to important files on a company’s network. When assessing your access options, businesses should consider implementing a Virtual Private Network (VPN).
Establishing a secure and protected network connection, a VPN directs data traffic through an ‘encrypted tunnel’, disguising your IP address and hiding the websites and networks that you access, making it difficult for third parties to track your online activity and steal data.
Detect & Prevent:
It’s not uncommon for businesses to put a majority of their spend into preventive technology such as firewalls and end-point protection. Although this still remains vitally important, implementing remote monitoring and detection technology will make your security ‘proactive’ rather ‘reactive’, helping to detect and alert of cyber security threats in real time, and tackle any issues before they escalate.
Multi-Factor Authentication MFA:
If your team is working remotely, can you really trust who your users say they are when away from the office? Multi-Factor Authentication (MFA) is fast becoming a staple security feature, and one which businesses of any size can integrate into their existing functions.
MFA, is a multi-step verification process which is designed to strengthen security, not only by requiring a password and username, but also an item a user has on their person, such as a smartphone app to approve authentication requests.
Backup:
Aside from thoroughly testing backup and disaster recovery measures, it is important to asses if any new software, and consequent data, implemented and used over the past year is included in your backup and disaster recovery procedures.
‘Assuming’ data is backed-up in line with your policies could land you deep water further down the line. A prime example can be seen in cloud platforms such as Office 365, which only offers a 30-day data retention policy, after which all data is lost, including emails. If you’re not utilising additional long term backup solutions, you could risk permanently losing confidential and sensitive data.
Training:
Security technology will only go so far. More common than not, a business’s biggest weakness is its employees – from leaving passwords or devices unsecure, to opening unsecure attachments and websites. Learning how to identify and prevent a cyber threat should be an essential part of an employee’s job.
As part of your security policies and procedures, employees should be regularly trained to identify cyber threats, exercise good device security, password management and understand the importance of a secure network.
Managed Cyber Security:
The shift to remote working is likely to have seen IT departments stretched to their limits, with a lack of physical resource and technical ‘know-how’ slowing productivity. To overcome this, some businesses may consider outsourcing to a Managed Service Provider (MSP) to shoulder the responsibility of planning, implementing and monitoring your systems, as well as providing state-of-the-art security technology and direct access to a team of technical experts.
As an award Managed Service Provider, EBC Group provides the very best in IT cyber security, adding vital layers of protection to your business for you to operate in a secure, protected environment. Our intrusion prevention technology provides real-time protection against network threats, in addition to offering the latest and most advanced filtering systems and anti-spam systems direct from our privately owned data centres, as well as the security of a full disaster recovery solution.
For more informations on EBC Group’s Digital Workplace solutions visit www.ebcgroup.co.uk, or talk to one of our team on 0121 368 0154.
TO CLAIM YOUR FREE IT AUDIT VISIT; WWW.EBCGROUP.CO.UK/IT-AUDIT