COVID-19 has brought on some unique security challenges for the enterprise. Remote workers are often left to their own devices—literally—which can spell trouble for CIOs and CISOs looking to mitigate persistent threats. We’ve been so focused on making remote work easier, and getting the right applications to our workforce, that some of the focus has been taken off security. That’s a mistake, because,
- Employees who are no longer under the supervision of IT are vulnerable to phishing attempts, ransomware, and more, and
- Malware, ransomware, phishing, and hacking attempts have only continued to increase since last year.
Whether you’re a small, mid-sized, or large organization, or whether you’re in finance, manufacturing, technology, retail, or any other industry… the reality is, it doesn’t matter to hackers. If you have information, that means you’re at risk.
As we head into 2021, remote work is here to stay as well. Some organizations are even adopting a virtual-first or digital-first approach, where the majority of employees will work remotely for the foreseeable future. This means security should be even more front and center.
Give your organization the gift of peace of mind this holiday season. As a security leader, you should make adopting these 3 technologies a priority for 2021.
1. Don’t Underestimate the Security of Multi-Factor Authentication; Make It Mandatory
Multi-factor authentication is nothing new. If you’re in an industry like finance or healthcare, it’s something you may have used for a long time. But if you’re not, implementation really comes down to the whims of the individual organization.
Here’s why you should be concerned: password dumping (when a site or application is exposed and passwords are dumped on the web) took the top spot among malware breaches in 2020, and over 80% of breaches as a whole in 2020 were due to either brute force or using stolen credentials (according to the 2020 Verizon Data Breach Investigations Report). This means that we can’t and shouldn’t rely on passwords alone to keep applications secure.
The question is: are your employees actually using multi-factor authentication? If you’re not enforcing it, the answer is: probably not. They may use it for some applications and not others. This inconsistency creates gaps in your security strategy.
Are your employees at risk of being hacked or exposed to ransomware? Make it a priority to close the gaps in your security strategy come the new year.
Make it a goal to make 2-factor mandatory across your organization for 2021. Adopt a platform that makes it easy to enforce across your applications, and educate your employees on why it’s critical. It’s a healthy habit that they can—and should—bring into their personal lives, too.
Security keys are also coming online for those that want to add a trusted component to this approach or who have already adopted multi-factor.
2. Deploy Single Sign-On and Adopt a Password Vault If Necessary
For many enterprises, single sign-on (SSO) helps to simplify access to the myriad of applications that users need to login to. SSO makes logging in easy and secure by authenticating and authorizing your employee to sign in just once, giving them access to multiple applications. It’s very secure and doesn’t create more work for your employees, making it a win-win.
However, if your business is using applications that don’t allow for SSO and also don’t allow for multi-factor (and you’re bound to) then the next best thing you can do is adopt a password vault/platform. Providers like 1Password generate complex passwords that are more difficult to hack and store these passwords in a completely encrypted platform.
Your employees will thank you (you’ve just made their work lives a whole lot easier), and you’ll be happy that you’ve taken an extra step to prevent security breaches.
3. Invest In a Modern Security and Privacy Platform That Protects Against Ransomware, Data Breaches, and More
We hate to break it to you, but your legacy anti-virus software is no longer cutting it. The antivirus solutions of yesterday were developed within a security model that does not assume the kinds of privacy challenges faced by enterprises today. The good news: new platforms are emerging that replace these methods with streamlined approaches driven by automation, AI, and cryptographic innovation.
The best gift you can give your enterprise this year is an updated solution that mitigates new kinds of attacks. Some providers Aragon recommends considering include Attivo Networks, BlackFog, SentinelOne, and Tozny—read more about them here.
Bottom Line
Unfortunately, security breaches increase with each passing year, pandemic or not. The good news is that technology is evolving alongside these persistent threats, and there’s lots of good solutions out there to help minimize your vulnerability. The best thing you can do is to act fast. Head into the new year by making security a priority and empowering your employees to have ownership over their data.