Show Location flexibility is one of the perks of working remotely. But as telecommuting becomes more of a standard practice, data security becomes more of a concern. From employees using unsecured Wi-Fi networks to workers carrying confidential papers with them to public locations, remote work has added additional levels of security considerations for companies and their data. According to Shred-It’s 2018 State of the Industry Report, 86% of business executives believe remote workers increase a company’s chances for a data security breach. Company leaders and their employees need to accept equal accountability in doing what they can to protect their company’s information. To start, leaders should educate employees about data security and how everyone is responsible for protecting it. They also need to initiate certain practices and procedures that will strengthen data security within their businesses. Remote workers must also prioritize data security education and safe practices, then commit to those measures. So what can companies and their remote workers do to protect their data? Here are six ways to get started. The first step in protecting company data is to make sure all employees know that data security is a priority. Believe it or not, some employees today might still not be aware that data security is something they should be concerned about, at both a personal and professional level. Employees may assume if they are not working directly with customer data, or if they are not operating at an upper level within the company hierarchy, then they simply don’t need to worry about data security. Organizations cannot assume their employees know anything about cybersecurity or their role in it. The best place to begin is by establishing a cybersecurity policy. Require all new and existing employees to review and sign the policy, regardless of whether they work remotely or not. The policy document should cover the reasoning behind having a policy in the first place, as well as details outlining all of the various security protocols employees are expected to comply with, how the company will support them in complying (i.e., which tools and resources they will provide), and a place for the employee to sign their commitment to following the policy. Everyone in the company must take ownership in protecting employer data, and by having an established policy in place, all employees — remote-working or not — will be on the same page as to what the expectations are. Related Article: Your Riskiest Data Is Often Hiding in Plain Sight Using an unsecured Wi-Fi network is the most common way to expose your company to a data security breach. Everyone understands the need to get out of the house every now and then as a remote worker, and the lure of your local coffee shop — with the comradery of other remote workers and your favorite hot beverage — can be the perfect break. The last thing you want to do is forbid employees from working where they feel most energized and motivated. In this case, the remote workers just need to be educated about how to make sure they can keep the company's data secure. The easiest solution is to require employees to use a virtual private network (VPN). Using VPNs before signing on to public Wi-Fi networks will encrypt the internet traffic of the remote worker and monitor for any signs of infection. Remote workers can still get out of the house when they feel isolated, and companies can ensure their data is secure. A note of caution: not all VPNs are created equal. To make sure your organization is using the right VPN, verify the VPN you are using covers all of the factors you need it to and not just last-mile encryption. After you decide the standards you want, review the provider's reputation and conduct a cost comparison. Related Article: How to Improve Support for Remote Workers Password safety is another relatively easy way to protect your organization’s data. Many people joke about password safety, admitting they use the same password from device to device and program to program, but educating remote workers about password protection is key to securing your company’s data. Offering password security training can be yet another step in cybersecurity training for employees. Start with the basics of how to keep passwords strong and why it’s so important to not use the same one over and over again. Another way for organizations and employees to mitigate this risk is by using a password manager that can randomly generate passwords for you and that stores all of your passwords safely. Then employees won’t have the daily struggle of remembering all of their different passwords for different programs and the company data can remain secure and uncompromised. Related Article: Why You Shouldn't Make Fun of Mark Zuckerberg's Password Many organizations are moving to two-factor authentication (2FA) for their data security management. This method confirms a user’s identity by first requiring a username and password, as well as another piece of information, whether it be an answer to a “secret question” or perhaps a PIN that was sent to their cell phone. Passwords can often be compromised or stolen, but with 2FA, the chances of someone also having the additional security question’s answer or a PIN is unlikely. This added layer in the security process can provide remote workers and their organizations the peace of mind they need in this digital age, when passwords just aren’t enough anymore. To take it a step further, companies could move to multi-factor authentication requiring additional verification that might include biometrics like retina, voice or fingerprint recognition. The authentication is definitely more complex — and more expensive — but it could be worth it depending on the level of security an organization needs. Related Article: Goodbye, Passwords ... Hello, Biometrics Using encryption software is another way companies and their remote workers can protect themselves. If an employee’s device is stolen or lost, the information on that device can find its way into the wrong hands and expose the company to data breaches and vulnerabilities. Encryption software can protect company data by barring access from any unauthorized users of those devices. Additionally, businesses should be mindful that any programs used for chatting, email or applications should utilize end-to-end encryption. Popular programs like Microsoft Office and Adobe Acrobat, for instance, can easily encrypt files and documents that your remote workers use and share with coworkers. Related Article: Cybersecurity Demands We Think Globally, Act Locally Require remote workers to have up-to-date firewalls, antivirus software and anti-malware on all their devices — including cell phones and tablets, in addition to their laptops. Companies might also want to consider having the ability to remotely wipe devices in case they are lost or stolen. Mobile device management platforms can perform most or all of these services, allowing remote workers to continue to use their own devices while ensuring the safety of company data. This is an example of when a remote worker might need assistance from their employer in making sure their devices have these protections installed. Employees don't all have the same level of technical expertise, so any organization concerned about their data security should be prepared to offer technical support help. This could mean establishing partnerships with local tech support services near their remote workers or building a centralized internal tech support team that can walk employees through the necessary processes. Remote work does not have to jeopardize data security. Once remote workers are educated and these top cybersecurity procedures are implemented, they can quickly become standard practices that everyone in a company can commit to with ease — and everyone within the organization can feel confident that they are doing all they can do to protect the security of their employer’s data.
Business networks are under more pressure than ever before. Cyber security threats are increasing, and the complexity and sophistication of the attacks mean that network security cannot and must not be taken lightly. The risk of a network breach for organisations large and small is too great. Cybercriminals are becoming more sophisticated in the way they target networks and one thing that is making things more difficult for Network Managers and security teams to control and manage is the number of devices that are connected to the network. From personal mobile devices to wireless speakers, connectivity continues to grow exponentially, and this adds to the number of applications and platforms being accessed in the workplace. Monitoring and securing all these devices is problematic. Not only do you have to manage the devices of all the people working within your business, but also anyone that connects to your business network (e.g., visitors, contractors etc). All this added connectivity increases the vulnerability of your network to a security breach and cybercriminals are using a huge range of methods to capitalise on these vulnerabilities to breach networks. Securing your company networkWhilst good network security requires businesses to invest in the appropriate network and cyber security solutions, good network security starts with getting the fundamentals right. Businesses need to create a security-centred culture and that starts with the staff. Training and education are an essential part of building a secure network environment and they should be an integral part of any onboarding process for new staff members as well as including regular updates as part of staff training programmes. Whilst you can try to manage your network security through software solutions, without the buy-in from staff, you will always be fighting a battle to stay on top of your network security. It is important to create a culture that is devoted to network security, where the first thought people have before they connect a device, click a link, or share a file is “is this a secure way to do this?” The only way to achieve this culture is through training and education. Training should cover off key security threats that are most likely to impact individual staff such as password security, phishing emails, suspicious activity on their devices and regularly updating the software of any device that connects to the network. Training needs to be top to bottom as well: from the CEO to the cleaning team, every member of staff must undertake compulsory training as it is likely that they all connect to the network in some way and anyone is capable of carrying out an action that increases the threat to the security of the network. 5 ways to make your business network secureWhether you work for yourself, run a small business or are responsible for the security of a large enterprise network, there are some basic network security steps you should take in order to cover the fundamentals of network security and ensure you have a first line of defence against potential threats. Of course, network security requirements will be determined by the number of devices connecting to the network and if you are a large enterprise with potentially thousands of connected devices on your network, there are going to be many more steps you need to go through in order to protect and secure your network. These five steps, however, will help to form the foundations of a secure network: Perform a network auditWhenever you are trying to improve any aspect of your business, the first step is usually to carry out an audit so you can evaluate your current position and put in steps to improve areas that are underperforming. This is also true with network security. It’s impossible to improve your network security without first knowing your weaknesses. The goal of a network security audit is to identify and assess the following:
The size and depth of your network security audit will, of course, be dictated by the size of your organisation and the number of connected devices and applications running on your network. A network security audit is a subset of your overall cybersecurity processes and policies and has a specific focus on the network itself. Staff members or visitors walking out with data on a memory stick or sharing proprietary information with a social engineering hacker falls under Cybersecurity, whereas network security, being a subset, covers what that user does on the network itself. The results of a network security audit will help you to put a plan in place to improve the areas identified as weaknesses in your audit and this can either be done internally or through a third-party network security provider. We’ve already touched upon the importance of anti-virus and anti-malware software and it is not enough to simply ensure that all devices connected to the network have sufficient protection from such software. Most businesses will purchase anti-virus and anti-malware software that can be deployed at an enterprise level. This means all staff devices – desktop or laptop computers, mobile phones etc – will have this software added to them when a new device is assigned. Over time, however, that software becomes outdated and in a lot of circumstances, users never update the software again, creating network vulnerabilities every time they connect. Updating your anti-virus and anti-malware software should be a priority, however, it should also form part of a regular and ongoing schedule for updating all user software on connected devices across the network as this is one of the most common breach points for cybercriminals. Invest in a VPNA Virtual Private Network (VPN) encrypts your network to ensure online privacy for all your users. VPNs mask your internet protocol (IP) address, so your online actions are virtually untraceable. Most importantly, VPN services establish secure and encrypted connections to provide greater privacy than even a secured WiFi hotspot. A VPN blocks your activities, data, browsing history, communications, and other personal information from prospective hackers. As mentioned above, it also helps to protect your files when using a public WiFi network. If you have staff that work remotely and regularly connect to public WiFi networks (in cafes, restaurants, airports etc), then a VPN is an essential line of defence. Set up a firewallLike a VPN, a firewall is an essential line of defence for your network and if you don’t have one in place already, you should make this a priority. A firewall can be installed on individual devices and your anti-virus or anti-malware software may include firewall protection, however, in addition to protecting individual devices, a firewall can also be set up as a web application firewall (WAF). A WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF is particularly important for e-commerce businesses that sell products online or store customers’ confidential information. Installing a WAF will help to protect all your stored data. Establish a network security maintenance systemWhilst your initial network security set up is essential, it’s equally important to put in place a network security maintenance schedule. This schedule should cover key actions including:
These are just a few of the most basic steps that should be included in your maintenance schedule. Depending on the size and complexity of your organisation, it is possible there will be many more elements included in your maintenance schedule in order to keep on top of potential threats to network security. It is essential to remain proactive – network security is not a “set and forget” process. Establishing a maintenance schedule ensures you keep on top of the latest threats and importantly, you keep your staff up to date with all potential threats. Most network security breaches occur due to a lack of systems and processes. It would be rare for a business, no matter how big or small, not to invest in some sort of cybersecurity solution to protect both their devices, but also their network. The software is only part of the solution, however. You must continually invest in the people within your business as users are more often than not the biggest threat to your network, usually unwittingly. NEC New Zealand partners with strategic vendors to provide best-in-class Cyber Security solutions to our customers. Our expertise in Cyber Security and next-generation security platforms enables protection against advanced cyber security threats to protect today’s networks. NEC provide core products that include advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of Cyber Security. We tackle Cyber Security problems at a strategic level, providing solutions that tackle the increasingly complex Cyber Security threats that businesses face in their daily business dealings. Our Cyber Security solutions include: • Firewall • Unified Threat Management (UTM) • Intrusion Detection Systems (IDS) • Intrusion Prevention Systems (IPS) • Endpoint Protection • Web Application Firewall • Network Access Control (NAC) • Identity and Access Management (IAM) Talk to the team today and learn more about our network and cybersecurity solutions. |
What is a common way to help protect devices connected to the company network?
Postagens relacionadas
direito autoral © 2024 aprendervalor Inc.
