Ontech provides IT support for Milwaukee and surrounding area businesses. In the aftermath of 2020, organizations have a heightened concern when it comes to cyber security, particularly those in healthcare, insurance or finance due to HIPAA and PCI compliance concerns.
Lesson 1) Remote Work Presents Security Challenges
As the number of remote workers rapidly grew in 2020, greater Milwaukee businesses found they had less control over their workforce at a time when more control was needed.
This lack of control created many headaches for a wide variety of organizations and telecommuters, but those who were prepared reacted quickly, implementing controls by:
- Setting strict security standards for remote workers, including the use of business grade software, virtual private networks, enhanced password controls and the use of monitoring software.
- Restricting data only to users who need it. This least access policy has always been important, but in a remote work environment it is absolutely critical. The recognition that different departments may require different levels of access was one of the most important cyber security lessons of the Covid-19 pandemic.
Lesson 2) Robust, Modern Email Security is Critical
In a remote work environment, email takes on a new significance, supporting project updates, keeping workers in the loop and creating ad-hoc meetings. In 2020, many businesses found that email was also the weak spot in their cyber security protocols, and in the aftermath, those organizations took steps to:
- Upgrade Spam Filters: Implemented modern spam filtering methods to stop phishing attacks in their tracks. This spam filter technology integrated artificial intelligence (AI) to identify problematic messages and keep them out of employee inboxes.
- Enable multi-factor authentication: The use of multi-factor authentication has always been important, but it took on a new significance in 2020, as Covid-19 lockdowns forced businesses to send their workers home. Both Gsuite and Office 365 offer multi-factor authentication as a simple setting that can offer added peace of mind.
- Implement security awareness training: Email remains the #1 target for remote workers, and email security is an integral part of any effective cyber security protocol. It’s no secret that employees are the greatest security threat. Phishing became an even bigger problem in the wake of the Covid-19 pandemic, cyber criminals took advantage of users who were unprepared to work from home. And since phishing is often a gateway to ransomware attacks, the stakes could not be higher. One great way to remediate this risk is by testing employee awareness of phishing techniques through security awareness training.
Lesson 3) Utilize the Swiss Cheese Analogy for Network Security
When you look at a single slice of Swiss cheese, it seems pretty permeable, with lots of holes for air to pass through. But when you stack a dozen slices of Swiss cheese one on top of the other, you get a slab you can no longer see through.
This is known as the Swiss cheese analogy, and it can be applied to everything from pandemic response and public health to IT security and managing a remote workforce.
A multi-layered response to cyber security challenges created by the pandemic is essential, and you can build your own nearly impenetrable stack of Swiss cheese by:
- Having a solid spam filter in place.
- Integrating security awareness training for both onsite and remote workers.
- Integrating managed security services to patch servers, maintain IT infrastructure and keep critical systems up to date.
- Deploying advanced technology, including real-time threat detection and response, backed by cutting edge technologies like artificial intelligence, machine learning and even a 24/7 network operations center (NOC). Identifying threats before they materialize will become increasingly important in the coming years.
Lesson 4) Strict Technology Use Policies Are Becoming Increasingly Important
As 2021 gets underway, businesses are finding their technology use policies need to be stricter than ever before. At the same time, those technology use policies must also be adaptive to the needs of the mobile user, including newly remote users.
In response to this lesson, businesses everywhere are:
- Updating remote access and bring-your-own-device (BYOD) policies to address a new wave of cyber threats and give newly remote workers the support they need.
- Reassessing their corporate IT security architectures, along with support needs for remote workers and remote access. In response to the challenges of the Covid-19 pandemic, businesses are increasingly adopting mass scale changes that incorporate risk/context-based mechanisms for security authentication.
Lesson 5) Secure All Tools and Credentials
The security of tools and user credentials has always been important, but just how vital it is will be an enduring lesson of the Covid-19 pandemic.
To implement this lesson, we encourage greater Milwaukee organizations to:
- Use secure communication tools like Microsoft Teams. Take steps to secure these tools through the use of multi-factor authentication.
- Keep software up to date, ensuring hackers cannot exploit easy to overlook technology tools like webcams and microphones.
- Use password managers along with best practices for password use including minimum length and complexity requirements, disallowing the reuse of credentials, denying bad passwords and prohibiting the sharing of passwords.
If your greater Milwaukee area business has questions about any of the topics discussed today, please feel free to call our support team at 262-522-8560 or send us a message online.
We hope you enjoyed this look at the five biggest cyber security lessons of 2020, and we encourage you to check out the next piece in our series. Part three of our five part series will be on the Availability of Data, a critical subject for anyone doing business in 2021 and beyond.