Skip to content

Best Security Practices for Enterprises in the Post-COVID World

Robert O'Sullivan

2021-02-19

Wherever you are in the world and whatever your occupation, we have all been affected by the coronavirus pandemic. In the first few months, there was a widely held hope that the damage would be minimal and short-lived, but as time passed and the threats have remained, more people have realized that the virus is unlikely to be eliminated in the near future. This leaves us in the position of making all of the necessary adjustments and best practices for survival in a very different environment. 

As COVID-19 quickly spread around the world, another pernicious threat caused damage to public and private organizations. A report from the FBI showed that cybercrime figures rose by as much as 300 percent in the wake of the pandemic. Some attackers also displayed a chilling disregard for human life by targeting healthcare facilities and research centers.  

Although cybersecurity was of paramount importance to all organizations before 2020, the coronavirus pandemic has ushered in a new era in which defenses must be secured on a continual basis. This can be achieved by implementing the following best practices. 

1. Introduce an updated organization-wide security policy that is clear and strictly followed 

When there is a clear security policy that is communicated to all levels of the organization and strictly enforced, there is a much lower chance of bad practices creeping in without notice. Employees can be found guilty of compromising security by breaking protocol to save time, while in other cases they may be unaware of their negligence due to a failure in communication. COVID-19 has brought about a disruption in working routines and security measures, so it is probably best to create a new security policy that is better aligned with your organizational changes. The next stage is to ensure it is rigorously enforced. 

2. Make use of a secure Virtual Private Network (VPN) for all of your remote employees

Providing your employees with VPN access is a minimum requirement for enterprises that offer their employees the chance to work remotely. This provides an encrypted connection to the corporate network when it is accessed over the public internet. Without this, employees that are gaining access to the network while working from home would be vulnerable to attacks from cybercriminals that have adapted to the new mode of working. A respected VPN service must be used that is reliable and secure. 

3. Secure all of the endpoint devices that are connecting to your corporate network

When there are multiple devices that are able to gain access to sensitive data on the cloud network, there is a greater number of vulnerabilities that hackers can identify and exploit. This means keeping to a strict bring your own device (BYOD) practice as part of your security policy and securing all endpoint devices that are used internally. All devices must be tested to ensure they meet the security requirements detailed in the policy, they must have adequate security software and ready for the use of detection and monitoring. 

4. Ensure that all of your remote employees have all of the security measures in place and are not compromised in any way

In addition to installing a VPN, there are some other security practices that need to be kept to when your staff is working remotely. Multi-factor authentication (MFA) is an important way of securing remote access, in which at least two forms of verification are used in the authentication process. This may be a slight inconvenience for individuals but according to Microsoft, it can potentially block 99.9 percent of account attacks. Other good practices are to reset home Wi-Fi routers, which may be open to attacks when default passwords are not changed, and introducing a password management policy.  

5. Enforce a higher level of encryption for all data used by the enterprise

Encryption is an essential measure to secure different types of data that is vulnerable to attacks. This is especially important for sensitive data, such as personal information and financial records. Cloud data that is both stored and in transit must be encrypted so that vulnerabilities cannot be easily identified by attackers. Encryption may be symmetrical or asymmetrical, it may use the AES standard, and it may be applied to files, folders, volumes, or whole disks. There are many encryption services, such as BitLocker or FileVault.  

6. Maintain very high standards when choosing your vendors

In every industry, there is an increasing number of vendors that compete to provide the best solutions on the market. This can make it difficult for organizations to decide on the vendor that is right for the job. In this decision-making process, an important aspect to focus on is the levels of compliance. This can be assessed by looking at the compliance record of each vendor relating to particular regulations, and whether they have compliance certifications for auditing purposes. It is also best if your vendors install patches quickly, carry out regular risk assessments, and offer data and network availability on a 24/7 basis.   

7. Carry out measures of due diligence in order to identify and remediate the risks posed by vendors 

With all of those vendors mentioned above, organizations must be certain that they understand all of the networks and applications used. Every organization strives to offer security, resilience, and functionality in all of its services, which means doing due diligence on all deployed systems and application lifecycles. It is also best to follow the relevant recommendations from the provider and work with your vendor to find the best way to use their applications and systems.  

8. Make sure your Identity and Access Management (IAM) solution is effective and multi-layered

A high proportion of security breaches are related to identification, authentication, and authorization, which are the main components of IAM technologies. There are various methods of unauthorized access and account hijacking that can result in damaging incidents. These risks can be mitigated with the use of a reliable IAM solution that will involve role-based access management, identity governance, and multi-factor authentication (MFA). Another measure is to implement user-level data security to ensure internal and external security standards are kept to. 

9. Ensure that you have an adequate level of protection against phishing and other malware threats

A recent survey showed that 88 percent of organizations experience phishing attacks, while only 3 percent are able to recognize a sophisticated phishing attack. Phishing campaigns have undoubtedly been on the rise in the coronavirus world, along with other malicious attacks, such as vishing, and social engineering. It is possible to apply protective layers that filter out phishing and malware threats in email and other channels of communication. Another approach is to build a secure line of defense in your employees, in the form of training. 

10. Implement full training programs to be sure you have a powerful human firewall in your employees

The insider threat is the cause of a high proportion of data breaches, though this is more often the result of error or a lack of education than it is intentional. The obvious solution to this shortcoming is to introduce a rigorous training program that will explain to employees why security measures are so important and what they can do to combat cybercrime. These programs need to be thorough and ongoing to give regular practice and raise awareness of the most recent threats. Training programs also help to cultivate a security culture that perpetuates a positive message of best practices. 

It is very easy for security issues to be overlooked when there are so many pressing matters in every enterprise. But with a continual rise in cyber attacks in recent years that has been exacerbated by the global pandemic, IT security has reached a point where it must be given priority. It’s time to pay attention to every threat and put a system of best practices in place.

NewPush are the security and compliance experts with solutions that will transform your organization and address every one of your security concerns.

NewPush Events

Upcoming webinars

Security Automation for SOAR and Remediation in Higher Education

John McClure, CISO, Laureate

Register

Successful delivery of RPA for IT Compliance

Mark Johnson, Senior Principal, EY

Register

RPA in Higher Education

Jeff Tannebaum, VP IT Compliance, Laureate

Register
© 2021, All rights reserved. | NewPush LLC. | newpush.com