Things Change and So Does Security: 4 Areas to Invest in Protecting Your Firm from A Security Breach During COVID-19
After a few weeks of working from home and making the painful but necessary adjustments, many firms are still uncovering hurdles to conducting normal operations. COVID-19 delivered a full array of extraordinary security challenges and surprises. Such challenges have included “Zoom Bombing”, where uninvited guests enforce their will on business meetings hosted in Zoom (or GoToMeeting); employees shifting back and forth between personal and work devices; an increased number of cyber-attacks; and let’s not forget those headline-grabbing fear tactics (e.g. “Is your Alexa or other voice-recognition equipment spying on you???”).
Many big technology firms, such as Amazon, Google, and other international, publicly traded companies, have literally hundreds of billions of dollars riding on their ability and desire to ensure the privacy and confidentiality of their customers’ data. A leak of conversations from a private address could cause severe legal and economic hardship, which is why they undergo intensive independent security audits such as ISO 27001 and SOC 2. Although we are still uncovering data on how many firms and professionals have been attacked or are victims of these cybercrimes, there are four ways to invest time and money in order to avoid the myriad security concerns that have arisen with the use of fully remote staffing.
- Provide VPN solutions for all users.
- Ensure multi-factor authentication is required in addition to authorized, unique user IDs and passwords for any sensitive system or data access.
- Leverage remote monitoring and management agents on all employee devices to ensure that security controls remain in place and up to date.
- Monitor our equipment and data housed in secure, independently audited data centers with system health (e.g. uptime and data throughput), intrusion prevention and detection, vulnerability scanning, and security information and event management (SIEM) tools.
The concern is growing, and attack methods change daily; however, the only way to protect client and employee data is to continue to be proactive and agile in response to current, predicted, and emerging risks. Last but not least, it is imperative to have a strong defense of experts on the front line with an unwavering investment in compliance and security tools and solutions.