Cybersecurity in the Modern Workplace
When I meet with business and technology leaders, they tend to ask the same question: how do I protect my team in the “new normal” of remote work? Interestingly enough, the best way to protect your team is the same approach as it was before the pandemic.
Adopt A Zero Trust Framework
Zero Trust is when your systems and applications assume everyone is a bad guy. To be able to access the systems and applications, the users and devices need to meet certain authentication and validation requirements. This can be very specific to Multi-Factor Authentication, ensuring the device has the latest patches and a valid and updated antivirus or endpoint detection & response (EDR) application. Essentially, your device must “prove” it is protected by meeting certain requirements, and the user must “prove” they are who they say they are.
Monitor For Unusual Activity
Will your systems flag a user if they log in from California and 5 minutes later, attempt to log in from Ukraine? Is anyone looking to see if someone attempts to forward emails to an unknown email address? Modern cloud and hybrid systems can monitor unusual user activity as well as an alert when strange administrator behavior occurs.
I can’t stress the importance of this enough. The human element is always the weakest link in security. Do your users know how to recognize potential phishing (scam) emails? Have your users been trained not to save passwords in their web browsers or to make sure they have different passwords for different applications? Do your users know they should not enter their passwords from an email link? The “bad guys” know that most users don’t have the training to recognize scams and can be easily fooled. Ensure your team has a training program that can be tracked and that you are periodically testing the users. I always like to say that every organization has that one person who will click on every link. Make sure you have a way to find and train them.
Make sure you are using the latest operating systems and that they are patched. Too many organizations are running on outdated systems. Modern cloud systems like Microsoft 365 and Microsoft Azure can enforce security policies and ensure systems are patched and managed access from any location. As a Microsoft Gold Partner, Greystone can help your organization fully utilize the security solutions that come with the Modern Workplace.