Intelligent CISO Issue 48 | Page 38

FEATURE
An identity is attached to everything in the corporate environment: each person, application, service or device. It’s an approach that is location-agnostic and supports completely user-based security for the enterprise.
4. Overcoming VPN vulnerabilities
For organisations that are used to setting up remote workers with VPN, there’s a fundamental problem in that legacy VPN servers generally can’t scale. Those currently using a VPN are likely to discover that it can slow down Internet speeds, such that work-from-home teams may encounter problems when performing high-bandwidth tasks such as holding video conference calls.
From a security standpoint, vulnerabilities associated with VPNs were highlighted in recent news such as the warnings that were issued about Fortinet vulnerabilities (e.g., the FBI’s warning). An incident investigation conducted by Kaspersky ICS CERT experts shows that attacks of Cring ransomware exploit a vulnerability in FortiGate VPN servers. Compromised VPN access and misconfiguration are growing problems with a large work-from-home workforce – a problem that patching and careful configuration processes can solve.
Yuval Wollman, President of CyberProof, a UST company
5. Encryption is key
Ensure employees are using secure methods of communication. Thankfully, many mainstream messaging services such as Signal, WhatsApp and Telegram come with end-to-end encryption as default or as an option.
6. Locking devices
For employees who must work in a public space, or who live with people who they can’t share work information with, it’s important to keep devices secure. Password-locking a device will usually encrypt its contents until someone enters the password.
For an extra layer of encryption protection, employees can use an additional full disk encryption tool such as VeraCrypt or BitLocker. For those who need to physically lock a device, for example, at a library or hospital, a Kensington lock is a great option.
7. Incident detection and response
Security alerts and suspicious events collected from multiple internal and external customer data sources should be monitored by a Security Operations Centre (SOC) team – so that threats can be detected as they emerge in critical cloud or on-premises infrastructure. What’s key is to develop and update policies and outline the steps to take in