Fusion Risk Management Has Been Named a Leader in the Forrester Wave™: Business Continuity Management Software Report
Six Key Elements That Help Strengthen Cybersecurity While Working Remotely
Posted on: October 28, 2022 Author:
Dealing with cybersecurity threats is becoming a part of daily life — from suspicious emails claiming you just won $1 million dollars to a random USB drive dropped on the ground containing malicious files. These types of acts (and various others) are happening all the time and all around the world.
In 2021, according to the Cybersecurity & Infrastructure Security Agency, authorities observed an increase in the high-value targeting of high-value organizations through sophisticated ransomware attacks. These malicious actors do not even need to be that technical anymore, with the advent of ransomware-as-a-service. Now, with just a few clicks, malicious actors can launch sophisticated attacks anywhere in the world for a small fee and no real effort.
As security is our top priority at Fusion, here are six items that we have recently been implementing to help bolster security while working from home.
Ensuring the Security of Employees and Customers
At Fusion, our number one priority is the data security of our employees and customers. The human element is normally looked at as the weakest link in any cybersecurity program, and training for employees needs to be prioritized.
The various programs and training that have been implemented at Fusion include the following:
Periodic cybersecurity awareness training that is consistently updated with the newest trends in cybersecurity.
Monthly phishing campaigns to reinforce training regarding reviewing emails for malicious intent and knowing how to submit a potential phishing email for further analysis. Winners are randomly selected from those who report emails, and they receive a gift card.
A cybersecurity champions program, where various department leads come together once a month with the cybersecurity team to discuss trending topics in cybersecurity, current projects the cybersecurity team is working on, and any other questions or topics. These champions are then able to relay this information to their team members and in turn become ambassadors of the cybersecurity team.
Implementing Data Transfer Restrictions
Blocking the use of removable media devices out of everyday corporate life can be a daunting task. Many users might view these devices as a very convenient way to store and transfer files; however, the use of such devices continues to get blocked at companies all around the globe. This might be due to security concerns or privacy regulations that the company must follow.
Here are a few scenarios that are avoided when removable media devices are blocked:
Storage devices can be misplaced, causing great harm to the organization if confidential data was stored on said device.
Cybercriminals will create malicious USB sticks and drop them in public places. These malicious devices, once plugged into an endpoint, could take full control over the endpoint.
Data exfiltration would open the organization to compliance regulation issues.
Integrating SASE (Secure Access Service Edge)
Protecting end-user devices has always been an issue, but the move to fully remote or hybrid work environments has only made it more difficult to provide adequate security. So, how do we protect our company assets when we do not control employees’ home networks? An always-on Virtual Private Network (VPN) solution.
The VPN creates a secure network connection to the company’s network before going onto the internet. This solution allows us to:
Ensure encryption is maintained for all internet communications.
Implement URL filtering to protect against malicious websites and malware.
Maintain secure access to Fusion apps and software.
Moving to the Cloud
The move to the cloud has only added more apps that users are accessing daily. Without SSO (Single Sign-On), it would be a challenge to effectively manage and enforce company security policies across these apps.
With SSO, we are not only able to streamline the management of user access controls, but we are also able to streamline the workflow for our end users by reducing the number of times that are needed to log in to access all apps. The main benefits for implementing SSO include:
A reduction of user credentials.
Regulatory compliance helps through effective authentication and full auditability.
A centralized Identity and Access Management (IAM) solution that controls user access to various resources.
Improved user useability by reducing the number of sign-ins for multiple apps.
Improved security through enforceable company security policies across multiple applications and pieces of software.
With the increase in the amount of data that is being aggregated every day, a data loss prevention (DLP) solution might be the best solution for your organization. A DLP solution allows an organization to protect their data at rest and in transit. This solution can be as simple as text scans looking for certain patterns (such as SSN, address, full name, etc.) to artificial intelligence (AI) models trained against internal company documents.
While a DLP solution can be difficult to set up at first, the wealth of benefits outweighs the initial setup. These benefits include:
Preventing the exfiltration of sensitive data outside the organization.
Discovery capabilities to determine where your sensitive data is housed.
Meeting regulatory and compliance requirements such as the General Data Protection Regulation (GDPR).
Vulnerability and Patch Management
Keeping software and applications up to date is one of the best ways to combat malicious actors in this ever-changing threat landscape. A lack of a proper patch management system could be devastating to an organization.
Having a proper patch management system allows you to:
Fix vulnerabilities in software and applications that might be targeted by cyber criminals.
Maintain compliance with regulatory requirements such as: SOC (Service Organization Controls) 2, ISO (International Organization for Standardization) 27001, PCI (Payment Card Industry) DSS (Data Security Standard), etc.
Increase performance through reduced downtime due to systems being up to date.
Upgrade to the most up-to-date features of an application.
The list of controls that can be implemented is ever-growing. Prioritization of tasks is an essential part of building out any cybersecurity program. We all need to stay current with emerging threats and understand proper ways of combating them.
Cookie Authorization Preferences
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!