There is no denying that 2020 has been a tumultuous year. COVID-19 swept the world and forced organizations to adapt to new ways of working. This led to most people having to bring their work home and communicate through online meetings. This new norm came with both its pros and cons, but what is important is to stay up to date and be aware of important changes that could affect you and your company.
In cooperation with Workspace365, Smartlockr organized an online event: "Securing the new way of working". During the event, several industry experts shared their knowledge and tips on how to secure our new way of working for 2021. Here is a small recap of the event for those who have missed the event.
Securing the new way of working
Remco de Kramer | Product Marketing Manager at Microsoft
Securing identity and endpoints for remote work
Covid-19 and shifting to working from home brings unexpected IT Challenges and they are here to stay. We need to take the next step and look at how we can configure our IT environments to match our IT policy, so our remote workplace is safe and secure.
Previously, everything was done within the corporate network. We were protected within the firewall, and this was the protection parameter. Now, that we work from home, from the cloud, the network is no longer the primary point of defense, it is the identity.S o, how do we take care of securing the identity, safeguarding privacy, while ensuring compliance? And can IT administer endpoints from a distance? We need to ask these questions and see if we have enabled the workspace according to these questions.
We have summarized for you, 3 steps to enable remote workspace.
- Enable remote access to apps: empower remote workers to access the apps they need without compromising security.
Read more: Why 2FA and SSO should be in your 2021 security strategy
- Manage devices and apps: enable BYO and unify management across devices and apps.
- Protect corporate resources: leverage built-in, seamless security to protect data while keeping users productive. Ensuring productive remote work while protecting corporate resources. There are different ways of doing it.
Source: Remco de Kramer's presentation
Ruben Spruijt |Sr. Technologist at Nutanix
Securing the new way of working:
Put security in the agenda before it becomes the agenda. Every company has at least one person that clicks on anything and everything. Our weakest link is you, us, our employees. What can be done to turn our biggest weakness into our biggest strength?
Simplify work processes, leave complexity behind the scenes. If a user deems a certain work process as tedious, they will stop using it and put data at risk again. Therefore, user experience is the vital difference maker.
Lessons learned and how to improve for 2021.
- Do
- Complexity is the enemy of security! Hiding complexity, consumer simple solutions are key!
- Simple is not weak, it is strong!
- Modern Identity Provider (IdP), “passwordless/MFA”. Makes sure that different apps are integrated well and passwordless with MFA.
- Communication and training. Ensure people are aware of the risk and how to handle these types of situations.
- “Cyber hygiene is like putting a seatbelt on”. It is easier to prevent a data leak than to fix it after the fact.
- Zero-trust, network segmentation/isolation. Neither external nor internal users are immediately trusted by the network.
- Don’t
- From Cloud 1st to Cloud Smart. Cloud first doesn’t mean cloud only. Many organizations are located cloud first. It’s important to stand still, investigate the business and user case, the complete holistic view before making any moves (staying on prem, hybrid or cloud). Hybrid Cloud Infrastructure.
- Traditional VPN is a No-Go.
- No data on the endpoint with Virtual Apps and Desktops.
- Run any Windows app in your browser.
Arie van der Deijl | Product Manager Aareon NL
GDPR and data protection:
How do you ensure your data is safe?
Since the introduction of the GDPR, there are some new rules that make things complicated. This is because when sending data, the production database is the only one permitted by the GDPR to contain real data, others must be anonymized or censored. This applies to new incoming documents and data found in the archives, but also concerns testing environments, DTAP, and training. This is a pitfall for many companies who are unaware of this.
Aareon enables you to mask data for testing, reports, and more. Moral of the story, stay up to date on data legislation in your region to avoid ‘surprises’ from interfering with your business operations.
Casimir Hammerstein | Head of Growth at Smartlockr
How secure email will remain your biggest security asset in 2021:
2020 saw a rise in data leaks around the world. Insider threats, weak and stolen credentials, and malware were the 3 biggest causes of these breaches. So how can we fight this?
Awareness is the key to success in 2021.
The more awareness, the more people consciously try to prevent a data leak from happening. If you do not know the threats or your vulnerable points, then you cannot know how to protect yourself. By making your employees more aware, not only are you bolstering your internal line of defense, but you are also alleviating the burden on your security team.
What did we learn in 2020 to improve our cybersecurity?
- Multi-Factor Authentication: extra security is necessary to get access to your data, securely from any device and location.
- Use encryption for your data: don’t make it too easy for cyber criminals. Don’t present your sensitive data on a silver platter.
- Awareness: We are all vulnerable to human error. By raising awareness, we can prevent this.
2021 will remain the year where we will focus on awareness as data will become more valuable to cybercriminals.
Floris van der Laag | Presales Consultant at Workspace365
How to get security on the management agenda
IT should not be solely responsible for security. Security is a team effort that only gets stronger in numbers. A great way to start fostering awareness is to bring it up with the management team as they can relay this information to their respective departments and bring it to the forefront. Now, how do we go about doing this?
Floris' advice is to place security in the management agenda:
- Invite people from multiple departments and find common ground.
- Discover relevant risks to create awareness for the management team.
- Put your findings in a presentation and give it to a manager just before their weekly meeting.
- With this, create an information security policy that extends to the entire organization and operations.
- Protect the crown jewels. Get external help to optimize security.
The first procedure to follow consists of:
To summarize: 2020 has introduced us to a new way of working. Not only did we get more flexible in our way of working, but also more aware. Because every opportunity comes with digital threats. We were happy to bring knowledge of all experts together, to be able to start off 2021 with new insights and tips to use right away!