Work flexibility has changed the cyber-threat landscape for your business. It’s not that the threats didn’t exist before, it’s just that certain ones are now highlighted because when an employee is working remotely, they might be in any number of places — coffee shops, co-working spaces, their own home or their car at their kid’s soccer practice. Traditional IT security solutions dealt with security as a castle with a moat, or if you prefer, a walled garden. In either case, today the moat is dry and those garden walls have crumbled. Data and people flow with ease in and out of your business.
You need to protect the identity of your people and validate the devices before offering up any access to data. Then you need to be sure that data is being stored into corporate approved locations and not leaking into personal gmail and dropbox accounts because once the corporate data flows into a personal location, it no longer belongs to the corporation. Ultimately all we have of value is our data. We need a new paradigm to protect it.
There is no single way to protect you and your data. It requires a layered approach. Increasingly this layering isn’t about installing something on your computer to protect it, it’s more about protecting the people, devices and then the data itself.
Identity is the linchpin of modern security. Adopting conditional access will let you restrict the who, what and where of a logon attempt. Meaning, if one of your employees is trying to log on but they snuck off to the beaches of Jamaica, they won’t be able to. Block all regions except the ones in which your employees legitimately reside. Most attacks still come from outside the USA so using this method blocks most of them and if someone is travelling you can temporarily add that location to your safe list.
Device protection has advanced far beyond anti-virus software and applying patches, though those things are still important. Today device protection means using BitLocker on Windows or FireVault on Macintosh or a third party to encrypt the device. Then you want to also enable face recognition or other secondary authentication methods. The combination of these two things means that if your device is stolen it’ll be useless to the thief because they don’t have your face and the data on the drive is gobbledygook, even if they remove the drive and attempt to read it.
Speaking of data, protecting it has changed too. Application policies can dictate where corporate data can be saved. So, when a file is opened it can only be saved back to the place from where it came. When shared, the data cannot be shared to a location not considered a corporate owned space. You can go further and not allow documents to be attached to email, favoring instead document sharing where the location is known and access can expire or be revoked as needed.
There’s a lot of noise in the media about privacy and the many definitions of it. But for your business's purpose, privacy means keeping your activities safe while in an environment you probably shouldn't trust. For example, my neighborhood suffered a 5-day power outage recently which included my local cell tower. I took myself up to a coffee shop for Internet access so I could get my work done and so did everyone else. We were all there on a public wi-fi, but I don’t know those people on the network with me and I don’t know how well that network is being maintained. I’m at its mercy. When I find myself in that situation, I click on my privacy VPN that is provided with the firewall at my office. This VPN isn’t the type that hides me. Instead, what it is doing is encrypting my transmissions and sending them back to a network that I trust, my office. From there, the data is subject to corporate policy and my data path looks like I was in my office.
What I’ve described isn’t an exhaustive or detailed security scheme but rather a notion that modern work requires modern IT security. If you’ve enabled modern work but haven’t given thought to what this means for the security of your business, now is the time to do that. Everything has changed but the good news is that the tools exist to make this a safe and productive experience for everyone.
This article was written in partnership with getWise - a technology platform that provides on-demand expert advice for small businesses and women to accelerate their business or career.