5 Ways To Close Cybersecurity Gaps Created By The Pandemic

With today's "new normal" ratcheting up the threat level, bolstering cybersecurity has become even more critical than before the pandemic. Here are five defensive measures that can help IT teams minimize the risk of cyberattacks and associated damage to the business. While you may think your business once had these areas under control, the reality is that may no longer be true thanks to the changing dynamics of our new landscape. Consequently, every organization should reevaluate its approach by taking these steps:

1. Conduct A Risk Assessment

Knowing where to focus your remediation efforts requires identifying the biggest weaknesses in your security fabric. This can be achieved by performing a risk assessment, either internally or with the help of an outside consultant. The process is essentially a security health check covering hardware devices, applications, network connections, user authentication systems, data classification and storage and other IT components and policies. Any vulnerabilities detected by this analysis can be prioritized based on the risk level and used to create a roadmap for strengthening your security posture.

Most corporate networks have what is essentially an open floor plan. Employees can reach whatever they need without going through different doors (technically speaking, routers or firewalls). This "flat" network enables an adversary who gains access to a user's computer to roam freely on a search for valuable data, then stage an attack against the relevant servers to steal it.

Switching to a "segmented" network can significantly tighten security by creating a series of sub-networks — or, to continue the analogy, locked rooms. Anyone looking for sensitive information will then face an obstacle course of routers, firewalls, permissions and other control measures that thwart the effort, dramatically minimizing the risk of exposure.

3. Rethink Your Password Strategy

Passwords have long been the weakest link in the security chain, making them a leading source of data breaches. The increase in cloud services both before and during the pandemic has further diminished their value by stripping away the protections of a corporate network in authenticating users. Password-based identity management solutions may also make it difficult for remote employees to access business applications, depending on the system and how it's architected.

Taken together, these drawbacks offer a solid argument for considering a move to multifactor authentication. Requiring more than one form of verification to prove a user's identity — whether a fingerprint, PIN, security token or any number of other options — can go a long way toward toughening your security stance.

4. Implement Employee Training And Awareness Programs

Adhering to security best practices can be difficult for employees even in the best of times, but working remotely can increase the likelihood that they will let down their guard. Users are more likely to click on a spearfishing email when they're distracted by taking a jogging break, helping children with e-learning or juggling other family responsibilities at home. They may also be unaware of the need to harden passwords on their home networks or the dangers of using their personal devices for work-related activities.

Security awareness programs, such as sending periodic fake phishing emails to educate employees about different phishing techniques, can be an important line of defense against bad actors targeting your remote workforce.

5. Be Ready In Case Of Crisis

If the pandemic has taught us anything, it's that disaster can strike at any time and from the most unexpected places. That's as true of cyberattacks as it is of public health crises, and it means that IT teams need to be prepared to manage and address cybersecurity incidents regardless of their source.

Conducting dress rehearsals for different scenarios can help limit the downtime as well as the damage when and if cybercriminals strike. These "tabletop exercises" involve assembling key personnel to talk through procedures, roles and other incident response issues. By some estimates, these simulations can save $2 million in response costs.

In addition, be sure your crisis management plan is up to date. Who is going to alert authorities and regulators? Talk to the press? Put the wheels of remediation in motion? This is as essential a part of risk management as implementing the technologies to keep your data safe.

Threat actors will always be with us, but Covid-19 has raised the stakes for security professionals on the front lines. Security projects that may have been on the back burner as organizations prioritize business transformation now need to be greenlighted to improve security hygiene and stop attackers in their tracks.

In today's environment, executives and corporate boards understand why security investments are imperative. And that's good news for enterprises everywhere.