VIPRE Security Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: VIPRE Security

Securing a hybrid and agile workforce

Guest Post

2020 has forced businesses to revise many of their operations. One significant transition has been the shift to a remote working model, for which many were unprepared in terms of equipment, infrastructure and security. As the Government now urges people to return to work, we’re already seeing a shift towards a hybrid workforce, with many employees splitting their time between the office and working from home.

As organisations are now reassessing their long-term office strategies, front and centre to that shift needs to be their IT security underpinned by a dependable and flexible cloud infrastructure. Andrea Babbs, UK General Manager, VIPRE, discusses what this new way of working means long-term for an organisation’s IT security infrastructure and how businesses can successfully move from remote working to a secure and agile workforce.

Power of the Cloud

In light of the uncertainty that has plagued most organisations, many are looking to options that can future-proof their business and enable as much continuity as possible in the event of another unforeseen event. The migration of physical servers to the Cloud is therefore a priority, not only to facilitate agile working, but to provide businesses with greater flexibility, scalability and more efficient resources. 

COVID-19 accelerated the shift towards Cloud-based services, with more data than ever before now being stored in the Cloud. For those organisations working on Cloud-based applications and drives, the challenges of the daily commute, relocations for jobs and not being able to ‘access the drive’ are in the past for many. Cloud services are moving with the user – every employee can benefit from the same level of security no matter where they are working or which device they are using. However, it’s important to ensure businesses are taking advantage of all the features included in their Cloud subscriptions, and that they’re configured securely for hybrid working. 

Layered security defence 

Cloud-powered email, web and network security will always underpin IT security defences, but these are only the first line of defence. Additional layers of security are also required to help the user understand the threat landscape, both external and internal. Particularly when working remotely with limited access to IT support teams, employees must be ready to question potential phishing emails or malicious links, verify their authenticity and interrogate their risk level.

With increased pressure placed on users to perform their roles faster and achieve greater results than ever before, employees will do what it takes to power through and access the information they need in the easiest and quickest way possible. This is where the cloud has an essential role to play in making this happen, not just for convenience and agility but also to allow users to stay secure – enabling secure access to applications for all devices from any location and the detection and deletion of viruses – before they reach the network. 

Email remains the most-used communication tool, even more so when remote working, but it also remains the weakest link in IT security, with 91% of cybercrimes beginning with an email. Implementing innovative tools that prompt employees to double-check emails before they send them can help reduce the risk of sharing the wrong information with the wrong individual.

Additional layers of defence, such as email checking tools, are removing the barriers which slow the transition to agile working and are helping to secure our new hybrid workforce, regardless of the location they’re working in, or what their job entails.

Educating the user

The risk an individual poses to an organisation can often be the main source of vulnerability in a company’s IT infrastructure. When remote working became essential overnight, businesses faced the challenges of malware spreading from personal devices, employees being distracted and exposing incorrect information and an increase in COVID-related cyber-attacks. 

For organisations wanting to evolve into a hybrid work environment, their IT security policies need to reflect the new reality. By re-educating employees about existing products and how to leverage any additional functionality to support their decision making, users can be updated on these cyber risks and understand their responsibilities.

Security awareness training programmes teach users to be alert and more security conscious as part of the overall IT security strategy. In order to fully mitigate IT security risks and for the business to benefit from an educated workforce, both in the short and long term, employees need to change their outdated mindset. 

Changing approach

The evolution of IT and security over the past 20 years means that working from home is now easily achievable with cloud-based setups, whereas in the not too distant past, it would have been impossible. But the key to a successful and safe agile workforce is to shift the approach of a full reliance on IT, to a mindset where everyone is alert, responsible, empowered and educated with regular training, backed up by tools that reinforce a ‘security first’ approach. 

IT departments cannot be expected to stay one step ahead of cybercriminals and adapt to new threats on their own. They need their colleagues to work mindfully and responsibly on the front lines of cyber defence, comfortable in the knowledge that everything they do is underpinned by a robust and secure IT security infrastructure, but that the final decision to click the link, send the sensitive information or download the file, lies with them. 

Conclusion

As employees prove they can work from home productively, the role of the physical office is no longer necessary. For many companies, it is a sink or swim approach when implementing a hybrid and agile workforce. Introducing and retaining flexibility in operations now will help organisations cope better with any future unprecedented events or crises.

By focusing on getting the basics right and powered by the capabilities of the Cloud, highlighting the importance of layered security and challenging existing mindsets, businesses will be able to shift away from remote workers being the ‘exception,’ to a secure and agile workforce as a whole.

The first and last line of defence

Guest Post

As the frequency and sophistication of cyber attacks increase at an alarming rate, much attention has been paid to high-profile data breaches of enterprise companies. Just recently, EasyJet revealed that the personal information of 9 million customers was accessed in a cyber attack on the airline; and the examples don’t stop there. British Airways was fined £183 million in July last year after hackers stole data of half a million customers and in the same month, the Marriott hotel group was fined £99.2 million for a breach that exposed the data of 339 million customers. 

With media attention typically placed on data breaches of this scale, this could give the incorrect impression that the cyber security risk to SMBs is much smaller. It’s true that SMBs by their very nature don’t have thousands of employees or millions of global customers, but that doesn’t mean that they are not a target. Every business still has a combination of employees with personal data, payroll information, company credit cards, suppliers that use their systems – all valuable data that a hacker could potentially use to their advantage. Clearly, technology has a large role to play – but technology alone can’t prevent every type of attack.

Andrea Babbs, UK General Manager, VIPRE Security, explains how a combination of technology, regular training and tools that help the user to thwart potential hacks can provide a layered defence for organisations to mitigate the threats they face….

Technology alone is insufficient

Life and work as we know it is changing as a result of the Covid-19 crisis. Businesses were forced to implement a working from home policy (if they could) almost overnight, with many unprepared in terms of infrastructure and security. Cyber criminals have used this to their advantage, producing ever more sophisticated, convincing and dangerous methods to target businesses and individuals.

Technology, including solutions that provide a vital protection against email mistakes, can help users spot phishing attacks – such as the email that purports to come from inside the company, but actually has a cleverly disguised similar domain name. This technology can automatically flag that email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. In addition to email security and endpoint security that protects against emerging threats such as spyware, viruses, ransomware etc., this can be a valuable tool in an organisation’s armoury.
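The allowed-domain check described above can be illustrated as follows. This is an added example, not VIPRE's code and not part of the original article; the allow-list, the sample addresses in the test, the look-alike character map and the distance threshold of 2 are all assumptions.

```python
# Added example: ALLOWED_DOMAINS and CONFUSABLES are constructed for illustration.
ALLOWED_DOMAINS = {"example.com", "example.co.uk"}

# Characters commonly swapped in to imitate another letter (small illustrative map).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Fold look-alike characters so 'examp1e' and 'exarnple' both become 'example'."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify(address: str, allowed=ALLOWED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'allowed', 'lookalike:<domain>' or 'external' for an email address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    try:
        # Non-ASCII homoglyph domains become their punycode (xn--) form here.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return "external"  # malformed domain: never treat it as allowed
    if domain in allowed:
        return "allowed"
    for good in sorted(allowed):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return f"lookalike:{good}"
    return "external"


def review(recipients):
    """Return the addresses that should prompt the user before the message is sent."""
    return {r: v for r in recipients if (v := classify(r)) != "allowed"}
```

Only an exact match against the allow-list passes silently; a near miss is reported together with the allowed domain it resembles, so the prompt can tell the user what the address is imitating.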

But despite companies such as EasyJet investing significant amounts into essential cyber security software, the breach examples above clearly show that deploying technology in isolation is not enough to entirely mitigate the risk of cyber attacks. The key is to change the mindset from a full reliance on IT, to one where everyone is responsible. 

Employees are a key part of a business’ security strategy. Those that are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are a valuable and critical asset to a company. Employees are the soldiers on the front line in the battle against cyber criminals. They need to be trained to be vigilant, cautious and suspicious and assume their role as the last line of defence when all else fails. 

The threat landscape continues to evolve so rapidly that those businesses not conducting regular cyber security training for their employees are not secure. Relying on security software isn’t enough. But training shouldn’t just be a tickbox exercise either; a once-a-year session on cyber threats won’t be enough to keep the workforce sufficiently informed and vigilant.

Security Awareness Training

Organisations cannot be expected to stay one step ahead of cyber criminals and adapt to new threats on their own. They need to recruit their employees to work mindfully and responsibly on the front lines of cyber defence. 

According to Verizon’s 2019 Breach Investigations report, 94 percent of malware is delivered by email, making it the most common attack vector. One element of ensuring that the workforce is alert to the threat of phishing emails is to conduct a regular internal phishing email campaign that can also provide analysis on which employees failed to spot the phishing attempt, and therefore, may require additional training. Would your employees know how to spot a scam attempt? What about the following real-world examples taken from actual events? 

  1. A scammer purporting to be a company executive sends an email to an employee requesting a wire transfer to be sent immediately to a supplier. With a senior colleague making the request, and added pressure at the moment to be seen as ‘working’ when working from home, the employee complies and wires funds to a fake account. 
  2. An email is sent to your outsourced HR provider claiming to be from the company CEO requesting personal employee data. Without spotting the fraudulent nature of the email, the HR provider complies and shares personal information with the scammer which could be used to create false documentation. 

Fortifying the defence strategy

The essence of a solid cyber security strategy is a layered defence that includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. Employees can, therefore, be a proactive weapon in an organisation’s defence, or a hole in the fence for cyber criminals to pass straight through to the corporate network. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for organisations to mitigate the threat of a cyber attack. The workforce should be trained to question everything, be cautious and double check anything that they think is suspicious. The difference between a trained and an uneducated workforce could mean the difference between an organisation surviving a cyber attack, or suffering the devastating consequences.