COVID-19 has single handedly changed the technology infrastructure of every organization. In fact, it’s done so faster than any known event or phenomenon. That’s right, folks— this stuff is serious!
According to a survey by ISSA International and ESG, cybersecurity professionals have experienced a 63 percent increase in cyberattacks related to the pandemic. From ransomware and malware infections to other threat campaigns, the pandemic has undoubtedly delivered an extraordinary array of cybersecurity challenges. And they’re just getting started— as more organizations transition to telework, they’re adopting never-before-seen IT capabilities, potentially exposing their networks to new points of entry.
It’s difficult to truly see or feel the impact of something if it hasn’t directly affect you. This seems to be a reoccurring notion for SMBs who often neglect security precautions and mid-market organizations that lack mature processes. Nearly one third of small and midsize companies use free, consumer-grade cybersecurity tools and 43 percent have no cybersecurity defense plan. And you want to know what’s really bonkers? ISSA International Board President Candy Alexander says there hasn’t been an increase in cybersecurity spending or prioritization following the start of the pandemic. Following the economic fallout, SMBs must prioritize cybersecurity to regain and ensure their foothold in the post-pandemic economy.
What comes next? Well, that’s up to you. To protect yourself and your organization in our post-pandemic world, here are five strategies we recommend implementing:
- Teleworking Solutions: Most organizations, if not all, will experience a permanent increase in telework following the pandemic. To prepare accordingly, be sure to manage the identity and access of remote workers according to security requirements. The use of internet-based remote desktop protocol (RDP) allows remote access of Windows systems and is enticing for hackers. We don’t recommend allowing RDP from any external connections but if you use it at all internally, consider allowing it only with network-level authentication of the endpoint and rigorous patching.
Ask us about security consulting, security assessments, and endpoint security solutions that help lock down vulnerabilities hackers frequently exploit.
- External Perimeter Protection: As stated above, more remote connections lead to larger attack surfaces. You can protect your external perimeters by implementing NAC to validate devices before allowing them to connect to remote networks and implement remote endpoint isolations and forensic capabilities. Supporting remote endpoint data collection and analysis with capabilities that identify unauthorized activity is just another way to keep your guard up.
Ask us about enabling NAC or endpoint compliance features on the solutions you have, or adding additional protections for layered defense. We have options that work with your firewall, existing agents, or through NAC products that integrate for VPN protection.
- Cloud Services: Life is better in the cloud. With benefits including cost reduction, efficiency, and resiliency, if properly adopted and managed, cloud services will serve your organization well. However, keeping full inventory of cloud usage will help you keep tabs on where your data lives and who can access it, and defining the data storage policies for the use of these services will ensure sensitive information and data are properly maintained. And of course securely managing remote access to cloud-based data and apps with CASB and similar solutions is critical to any cloud strategy.
Ask us about CASB and other cloud security and monitoring tools.
- Redefine Your BYOD Policy: When everyone “brings” their own device, things can get messy. Laptop and Chromebook sales have skyrocketed throughout the pandemic and low inventory has left organizations and users scrambling to make do with what they have, which is often personal devices. Sure, it’s convenient, especially when you’re working remotely, but this can expose your organization to a slew of new threats. Establish a policy or reexamine your existing BYOD policy to define what can be accessed on personal devices, and make sure your enterprise systems are set up to enforce access policies around approved devices.
We’ve been BYOD masters for more than 10 years, from policies to enforcement, best practices, and mapping controls.
- Protection and Recovery: Your IT infrastructure is changing fast, and you need to adapt with it. Refresh your cyber incident breach response plan to address the current operational content and make sure it aligns with other business continuity and enterprise crisis management plans. The same goes for financial protection and recovery. Technology and cybersecurity pose a huge financial risk in itself, and the pandemic begs organizations to pay attention now more than ever before and purchase cyber insurance. Look for new coverage gaps and make sure potential risks are addressed. For example, domain spoofing and finance-related spear phishing has increased through the pandemic. Your organization may need additional monitoring tools, email security and security awareness training.
Ask about virtual CISO services if you need to create a protection and recovery strategy, and ask about our options for services for monitoring for domain spoofing.
Carolina Advanced Digital offers a breadth of security solutions for mid-market organizations needing to bolster security including endpoint security, NGFWs, NAC, custom BYOD strategies, cloud security, consulting, and both security assessments and pen tests. Contact us today for more info or to schedule a free 30-minute call to discuss your needs.