Page 30 - Cyber Defense eMagazine for July 2020
P. 30
Improving UYOD Security
While all organizations face increasing risk at the endpoint, small-to-medium sized businesses (SMBs)
are particularly vulnerable to a cyberattack. How could they not be when they are operating on thinner
margins, with limited IT staff and less financial reserves than enterprises? To minimize security risk,
SMBs need to put these practices in place when personal devices are being used to access business
data:
Embrace a Cultural Security Mindset. One of the obstacles to getting personal device security
under control is the mindset that someone else, usually IT, ‘owns’ the cybersecurity and data
protection problem. Even though 70 percent of data breaches are known to start at the endpoint,
this data point isn’t translating into the average employee or contractor’s consciousness.
No matter how strong defenses are, users can introduce threats to a company’s networks by:
• Falling for phishing scams
• Posting secure information on social media
• Inadvertently giving away credentials
Employees will more enthusiastically embrace BYOD/UYOD security protocols if management
has effectively communicated not only the how behind day-to-day practices to prevent malware
or other attacks, but also why mitigating risks is so critical. Acceptable use guidelines might
include:
• How to detect social engineering tactics and other scams
• What constitutes acceptable Internet usage
• How remote workers should securely access the office network
• How to properly use password management systems
• How to report security incidents according to their urgency
To encourage employees to adopt ownership of their own device security, it’s important to note
smaller enterprises thrive on being more nimble. This ‘get it done now’ mentality can lead to
applications being put into play before being thoroughly vetted for access controls and may cause
a rise in “shadow IT” which may not meet organizational security standards. It can also lead to
‘rogue’ assets, or personal devices being deployed without full vetting for risks.
The recent wholesale shift to remote working has highlighted this risk more than ever as personal
device use explodes. When communicating with employees, there needs to be a careful balance
between asking them to be more mindful of security and realizing their first goal is always to get
their work done. Communication and education here are essential to individual participation in
helping mitigate risk at the endpoint.
Optimize Limited Resources. With limited IT staff, and often no dedicated security staff, SMBs will
be looking to guard against the increased security risks from COVID-19 by executing strategic
security initiatives for newly remote workers and supporting long-term viability. One critical need
in threat defense is endpoint detection and response (EDR) software. EDR is vital to containing
a costly breach that could financially devastate an SMB or enterprise. EDR can help software
security teams contain, investigate and respond to threats that may have bypassed other
defenses like antivirus tools. An effective EDR solution can provide automated analysis of data to
identify suspicious activity, enabling IT to make a timely decision on the threat level and take quick
action accordingly.
Cyber Defense eMagazine –July 2020 Edition 30
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.