Monday, December 30, 2024


Mitigating cybersecurity risks for employees working remotely

Many IT specialists are supporting fully remote teams for the first time ever, so it’s important for everyone to operate with the same caution as (if not more than) they would if everybody were in an office. With an increased risk of employees falling prey to cyber attacks, business leaders must leverage new policies and technologies to keep their companies and employees safe.

Here are five tips for IT specialists to mitigate the cybersecurity risks while employees are working remotely:

1. Employ basic input/output system technology

Hardware platform security has become even more important. Sophisticated hackers are able to compromise or bypass operating systems’ security protections by gaining root access or compromising the BIOS software underneath the OS. With a predominantly remote workforce, ensuring that employee devices have capabilities like BIOS resilience is more important than before.

Technologies like self-healing BIOS can help mitigate the risks of attacks below the OS, where detection and remediation are challenging. Having these safeguards in place can ensure employees will not need to replace or reinstall hardware, provide detection and automatic recovery of the firmware system in the case of BIOS corruption or compromise due to malware, and provide peace of mind.

2. Strategize against unsecured access points

No longer is work done just within the confines of the corporate network and access points. While this is something we were starting to see long before COVID-19, what has changed now is the almost overnight shift to work taking place exclusively outside of the confines of the four walls of the office.

While most of the world is under shelter-in-place restrictions and using their devices from home, it’s only a matter of time before workers across the globe begin heading back to shared workspaces, coffee shops, planes and everywhere else in between.

Addressing the risks posed by potentially logging onto a rogue access point is a vital consideration. Employees must be diligent in making sure that they are not logging onto the wrong Wi-Fi network (sometimes one with a slightly changed name or number). IT specialists should continue to hold employee training sessions on the danger of unsecured access points.
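The "slightly changed name or number" check can also be automated on managed devices. The following is an added example, not part of the original article: it compares network names seen in a Wi-Fi scan against an allow-list and flags near-matches. The SSIDs, the character substitutions and the distance threshold are assumptions constructed for illustration.

```python
import unicodedata

# Assumed corporate allow-list (constructed for this example).
TRUSTED_SSIDS = {"AcmeCorp-Staff", "AcmeCorp-Guest"}

# Characters often swapped in to make a name look the same at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalize(ssid):
    """Fold case, strip accents and separators, map lookalike digits to letters."""
    text = unicodedata.normalize("NFKD", ssid)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.casefold().translate(CONFUSABLES)
    return "".join(c for c in text if c.isalnum())


def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ssid, trusted=TRUSTED_SSIDS, max_distance=2):
    """Return (verdict, closest trusted name or None) for one scanned SSID."""
    if ssid in trusted:
        # A matching name is not proof of legitimacy: SSIDs are unauthenticated,
        # so the connection itself must still verify the network (e.g. 802.1X).
        return ("trusted", ssid)
    norm = normalize(ssid)
    best = min(trusted, key=lambda t: (edit_distance(norm, normalize(t)), t))
    if edit_distance(norm, normalize(best)) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


# Constructed scan results, as a device might report them.
SAMPLE_SCAN = ["AcmeCorp-Staff", "AcmeC0rp-Staff", "AcmeCorp-Staff2",
               "AcmeCorp Guest", "CoffeeShop-WiFi"]

if __name__ == "__main__":
    for name in SAMPLE_SCAN:
        print(f"{name!r:22} -> {classify(name)}")
```

A fixed threshold of 2 produces false positives for very short network names, so tune it to the length of the names on your own allow-list.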

3. Streamline administrator rights and employee credentials

Credential and access management have long been a challenge for IT teams, many of which are over-burdened and short-staffed due to critical talent shortages. Addressing the basics goes a long way: making sure users don’t have administrator rights, only have access to the systems, repositories, shares and networks that they need, and only for as long as they need them. This helps mitigate credential theft and, as a result, malicious access to more sensitive data and systems.

4. Have a “better safe than sorry” mindset with zero trust security

Zero trust goes beyond the usual marketing hype to emphasize access and privileges. The reality is that attackers are becoming increasingly sophisticated and operate like criminal corporations (i.e., they have a chain of command, an organized structure and financial motivation).

By adopting a zero trust model, we assume a “guilty until proven innocent” mindset in security. To frame it more gently, it’s about giving access and privileges based on a “need-to-know” basis.

5. Leverage contextual AI

The estimated current cybersecurity workforce is 2.8 million professionals, while the number of additional trained staff needed to close the skills gap is 4.07 million professionals, according to (ISC)². Combine this with attacker sophistication, data sprawl, cloud adoption, exponential growth in devices and more, and you have a recipe for disaster. To tip the scales in your favor, you have to leverage artificial intelligence at the endpoint.

These solutions are able to detect malicious activities and respond almost automatically to isolate the attack from the network and auto-immunize the endpoints against newly discovered threats. Some even offer the possibility to roll back an endpoint to its pre-infected state. However, there is a caveat all developers and employers should understand: not all AI is built the same. As a security team, it is important to understand your challenges and leverage contextual AI when applicable.

While COVID-19 has challenged businesses to think about security in a new way, the risks will not vanish once employees start getting back to the workplace. For example, if any machines were compromised while employees worked from home, once reconnected to the corporate network those machines can offer cybercriminals a door into your business. It is thus vital for business leaders to employ these security measures now, preventing the potential for a reputation-damaging breach down the road.
