Page 108 - Cyber Defense eMagazine September 2022
P. 108
growing popularity of BYOD (bring your own device) policies, security levels are more likely than not
significantly lower than in a traditional, pre-pandemic office setting as IT cannot fully control personal
devices to the same standard. Employees are accessing company emails, websites and other materials
on their personal cell phones and laptops that have little to no protection compared to their work devices.
How do we ensure that remote and hybrid employees and their work are protected equally? The answer
is simple: education.
It is up to enterprise leaders, IT and human resources departments to continuously supply and deploy
educational materials for employees on cybersecurity best practices. Additionally, it is important to note
that trends in phishing scams are becoming considerably more sophisticated, appearing more discreet
and often targeting new channels, like SMS. It is the employer’s responsibility to equip its employees with
the knowledge to distinguish such attacks, report them to IT and not interact or engage with them.
Companies should also consider a course or class on the matter, repeating it annually and/or with new
hires to ensure cyber safety is a priority for each team member.
Implement the necessary tools and systems to protect data at every level.
Your employees may have all the tools they need to engage safely at work, but that alone is not enough.
Any platform or channel where sensitive data, information, plans, documents, records and other
confidential files are shared must be protected at every entry point. There are many types and tiers of
encryption floating around, but end-to-end encryption absolutely is the gold standard. With the message
being decrypted only on the device of the sender and recipient, the chance of an attacker accessing
information is depleted. This is vital in the remote era when employees are communicating on digital
channels like email and instant message, especially when using their personal devices. Industries like
healthcare and finance are more susceptible to attack due to highly sensitive and valuable personal
information and records as well as outdated and inefficient systems. In light of recent events overseas,
these sectors, among many others, should consider deploying fully encrypted, compliant collaboration
channels, ensuring that information is being exchanged securely and end-users are protected as well.
It is also worth enterprises considering adopting a zero-trust framework to further limit employee access
to company information and decrease the risk of a human error-related breach. This model requires
network users to be verified at every entry point and gives them access to only what is required to perform
a task or role. With a zero-trust implementation, unverified users are immediately denied entry to the
network, providing a sophisticated level of security to the enterprise.
The digital technologies and best practices being implemented by enterprises today are shaping their
futures for a safer, more efficient and successful tomorrow. It will pay off in multitudes to take a proactive
approach to the protection of your company and teams. Invest in your employees. Safeguard your
company data, devices and communication channels. Take no risks.
Cyber Defense eMagazine – September 2022 Edition 108
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.