Cybersecuring Work From Home: How to start ensuring data security in an organization with WFH
What good practices should organizations follow to ensure the security of their data, especially since now that Work from Home (WFH) is becoming a norm?
Cyber threats are increasing on a daily basis. No one knows who the next victim of a data breach will be. Meanwhile, with social distancing and WFH becoming the only way businesses can function without hiccups now, how can organizations secure their data? Where do they even start?
However, secure they must, because a cyber criminal is just lurking in the dark waiting for an organization to let it´s guard down.
The Tech Panda asked a few organization leaders how to go about protecting an organization in the current scenario of cyber landscape. The following practices are imperative in order to ensure a better security posture for every organization.
To Secure WFH Secure Mobiles
WFH models have increased the use of mobile phones across the globe. With people working for close to ten hours a day, and the lines between personal and professional lives blurring, mobile activities are only going to increase. Emails, messages, chats, online transactions, there is literally no limit to what one can achieve from their mobile devices.
Securing mobile applications becomes paramount
“Hence, securing mobile applications becomes paramount. Malware, phishing attacks, and data breaches are some common issues that need immediate attention,” says Govindraj Basatwar, Head of Global Business for INKA Entworks.
Secure Home Routers, Separate Personal from Official
He advises that organizations can start by securing home routers and separating personal and official devices. They can then encrypt devices by using tools like BitLocker for Windows and FileVault for Mac OS.
A lot of small things would go a long way
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes.
FileVault is a disk encryption program in Mac OS X 10.3 and later. It performs on-the-fly encryption with volumes on Mac computers.
Organizations should also keep all OS and software patches up-to-date, ensuring antivirus is running and updated, using strong passwords, enabling remote wipe option and using VPN to connect to the office network.
Zero Trust Models
With WFH, all data usage and access have been scattered, increasing the perimeter of area that needs to be secured. In such a scenario, says Sandip Kumar Panda, Co-founder and CEO at InstaSafe, Zero Trust measures can make things easier by providing a single solution for all accesses.
With WFH, all data usage and access have been scattered, increasing the perimeter of area that needs to be secured
“Push your IT teams to operationalize modern security technologies and models like Zero Trust to protect against network-based attacks,” he says.
All Round View of Access Policies
Organizations can start by focusing on detailed risk analysis through threat-modeling exercises, which can look for warnings and signs of data leaks, infrastructure exposure, scams, etc.
Carrying out a complete digital asset inventory of the organization is a good starting point
Carrying out a complete digital asset inventory of the organization is a good starting point. This means that security teams should have an all-round view of access policies, and these resources should go through regular audits to ensure that all the known vulnerabilities are patched.
“Validate every configuration that has been put in place by your team. Carry out an audit of all your traffic flows to identify vulnerabilities,” says Panda.
Investment in Cybersecurity Education
Upskilling in cybersecurity skills is an indispensable need for organizations today, says Panda. Companies need to realize that their hierarchy is such that the lower tiers of employees being exposed to digital assets are often not well equipped to handle them, and as such, should undergo training with respect to securing their devices and enabling secure access.
Human vulnerabilities are an element of risk that cannot be avoided, no matter how robust your security setup is. It may only be countered through education
“Simply put, human vulnerabilities are an element of risk that cannot be avoided, no matter how robust your security setup is. It may only be countered through education,” he says.
Apart from the above, organizations can tighten application permissions, work further on data safeguarding mechanisms, and devise certificate pinning strategies. Enforcing session logouts, applying multi-factor authentication, and ensuring a limit on password saving practices also gains importance in the current WFH scenario.
Companies and governments need to upgrade their security setups and adopt neoteric technologies that are built for the modern network as remote working takes over in a new work environment.