
Protecting people, devices and data: the three pillars of a modern cyber security strategy

Mark Lomas, technical architect at Probrand, discusses the need to protect people, devices and data, the three pillars of a modern cyber security strategy

The mass move to home working as a result of the pandemic saw even the most prepared organisations face new security challenges. The displacement of the traditional office environment meant companies were exposed to new vulnerabilities, and cyber criminals didn’t hesitate in trying to take advantage, with cybercrime surging 72% in the first month of lockdown.

A year later, and many organisations will be taking the opportunity to review their security capabilities. From authenticating end users, who are no longer in the ‘safe’ environment of the office, to preventing sensitive information being leaked in the event of a data breach, do they have adequate protection in place?

While organisations will never be completely immune from the threat of an attack, there are steps businesses can take to protect three key assets: people, devices and data.


People

People are often cited as the biggest chink in an organisation’s armour, so any cyber security strategy has to start with protecting individuals. When you consider that human error still accounts for 90% of data breaches and home working has increased the number of people using personal devices to access corporate information, the pandemic has heightened this need.

One major area of concern is the rise in ‘credential stuffing,’ which involves hackers using compromised usernames and passwords to gain access to accounts. According to Deloitte, between February and May 2020, more than half a million people were affected by breaches where video conferencing user data was stolen and sold on the dark web.

Hackers don’t always need a username though – sometimes a weak password is enough for them to work out the rest. For example, if a hacker obtains someone’s Netflix password, they could go to LinkedIn to find what company they work for – with that information, their email address will be easy to guess. They can then try that email and password with Office 365 or a corporate Zoom account.

The simplest way for organisations to reduce this risk is to implement multi-factor authentication, which is offered as standard by all of the major cloud providers. And it’s easy to set up – all you need is a smartphone.

You may also want to consider adding conditional access to ensure access is only enabled from trusted locations, so you can prevent access from countries your users are unlikely to be in.


Devices

With the majority of staff working from home, it’s important for organisations to assess how much control they have over corporate owned devices. It’s probable that many have been used outside of the office for over a year without ever being updated.

To tackle this problem, organisations can take advantage of cloud-based tools such as mobile device management (MDM). These solutions can be used to authenticate users and ensure that security on the devices is up to date before the user is given access to the corporate network – this includes the latest antivirus, firewall and software patches. MDM can also ensure employees are storing information in the places they should be, so the appropriate backup can take place and disaster recovery protocols are still functioning.

Additionally, with large numbers continuing to either work remotely or adopt a hybrid model, companies can consider adapting their Bring Your Own Device (BYOD) policy and assess whether a Corporate Owned Personally Enabled (COPE) approach, which allows individuals to use their personal devices to access corporate data, may be more secure.


Data

All too often, organisations focus on protecting devices and don’t think about data as the thing that needs to be secured. This results in data being protected while it’s at rest, but, as we all know, data only sits in one place for so long – especially when people are working remotely from one another.

Even when the user has been authenticated and the endpoint device secured, it is still possible for sensitive information to fall into the wrong hands if the data itself isn’t protected. Something as simple as an employee accidentally sending an email to the wrong person could result in the exposure of sensitive data or personal information – leading to serious reputational damage.

Putting access control permissions in place can help mitigate the risk of someone accidentally receiving information they shouldn’t, as this will ensure data is encrypted, rendering it unreadable.

Given that most businesses are likely to keep remote working options available, now is the time to identify any weaknesses that may have been brought about over the last year. With cyber attackers more active than ever in their attempts to exploit these vulnerabilities, protecting your key assets has never been more important.

Written by Mark Lomas, technical architect at Probrand
