5 Digital Transformation-Driven Cybersecurity Concerns
Security strategies: Improved preparedness after a pandemic as reliance on digital communication increases
Companies face unique dilemmas on the path to recovery from the pandemic. Recovery involves significant and absolutely necessary investments in digital transformation, but tight budgets make such efforts difficult, if not impossible. Organizations continue to struggle with adopting new digital platforms, changing their business models to resolve disruptions in the supply chain, and enabling a remote workforce.
The inability of companies to rapidly deploy technologies that support digital transformation processes, including identity-based segmentation, virtual desktop interfaces, and full-stack cloud, hinders their ability to adequately address new threats and even test new security systems and protocols.
“More than ever, it is essential to optimally correct the risk and weaknesses in a company’s existing systems right from the start,” says cybersecurity expert Nishant Srivastava, cyber security architect and field expert at Cognizant, an IT solutions and services company, who focuses on designing and implementing Identity and Access Management (IAM) solutions. “Of course, the biggest threats should be the top priority, but the magnitude or even the likelihood of a threat shouldn’t be the only consideration. Businesses should also look at other forms of value that new technology can bring.”
Below, Srivastava, a senior IAM, governance and cyber risk authority, outlines important digital security vulnerabilities that organizations need to address in light of increasing digital dependence amid the pandemic. Follow these best practices to keep your company – and your customers – uncompromised.
Gaps in consumer-facing apps
Major security threats to customer-facing web applications include path traversal, cross-site scripting (XSS), SQL injection, and remote command execution. Customer data is, of course, at extremely high risk, and breaches are numerous. One of the greatest challenges in addressing these issues is the lack of human resources. Even in the most demanding regions, there is a lack of appropriately trained and qualified security personnel, leading to a global cybersecurity skills gap. It goes without saying that employee training and investment in highly skilled personnel are among the best ways to establish and maintain the level of security of consumer-facing apps. Cracks, however small, can cause undue damage and loss.
Online delivery companies aware of the security risks should introduce more secure logins, automatic logoffs, and random buyer ID verification, and should prevent customers from swapping devices when ordering. Such measures will help prevent breaches that would reveal customer names, credit card information, passwords, email addresses, and other personal and sensitive information.
Businesses selling goods or services online should also not launch without an SSL (Secure Sockets Layer) connection, which encrypts all data transmitted between the corporate back-end server and the user’s browser. This way, an attacker cannot read the data even if he manages to intercept the web traffic.
Another useful strategy is to enforce password restrictions. Passwords should be as complicated as possible using a combination of symbols, numbers, and letters.
Investing in a tokenization system is worthwhile, as any hacker who accesses the back-end system can read and steal sensitive information that is stored in the database as plain text. Some payment providers tokenize cardholder information, which means that a token replaces the raw data, so the database contains a token instead of the real data. If someone steals it, they can’t do anything with it because it’s just a token.
Ransomware threats are escalating, so those doing business digitally should implement a layered security strategy that includes data loss prevention software, file encryption, personal firewalls, and anti-malware. This protects both a company’s infrastructure and its endpoints.
Data backups are critical because even with all of the above security solutions in place, the likelihood of a breach, though low, is not zero. The easiest and most effective way to minimize cyberattack damage is to copy files to a separate device. This highly reliable form of backup allows users to resume work as usual with little to no downtime and to keep all computer files intact in the event of an attack.
Gmail blocks over 100 million COVID-related phishing emails every day, but more than 240 million are sent. That means less than half of what is sent through Gmail alone is blocked. Experts cite imposing restrictions on Remote Desktop Protocol (RDP) access, multi-factor authentication for VPN access, in-depth analysis of remote network connectivity, and IP address whitelisting as some of the best strategies for maintaining security. In addition, companies should secure externally facing apps such as supplier portals with risk-based authentication and multi-factor authentication – especially apps that a cybercriminal can use to redirect payments or change users’ bank account information.
Shield conference calls
The post-pandemic shift to remote working has opened up more opportunities for cyber criminals, who focus on the tools people use for work. It is important that people recognize their weaknesses, especially if they are working from home. These include hacked video conference passwords and unprotected video conference links that allow criminals to gain unauthorized access to a company’s network. Many people who work from home unknowingly and unintentionally use networks that are not secure. Many are simply not aware of the risks.
To avoid security problems with online conference calls, meetings should always be encrypted. This means that a message can only be read by the intended recipient. The host should also be present before the meeting begins, and there should be waiting rooms for the participants. Watermarks for screen sharing, meeting locks, and audio signatures are other recommendations.
When asked what his best advice would be to optimize security for a workforce that works mostly remotely, Nishant says that, against a backdrop of a variety of ever-escalating and evolving threats, organizations should start by analyzing the basics (like the ones above). “Employees should use dual-factor authentication and ensure that apps, cell phones, and laptops are updated, and that available patches and updates are always installed,” he says. “You should definitely be careful with all requests for information and check the source. This even includes unexpected calls or emails that appear to come from colleagues.”
Srivastava also noted that insiders at the CIO symposium in July 2020 agreed that the pandemic compressed years of digital transformation into just a few weeks. Using a third party turned out to be an important security risk that needed to be considered. For example, some employees abroad could not bring their computers home, so employers rushed to get them new equipment. Some of it was not set up properly, putting security at risk. Organizations should have done more to determine whether individuals were using the technology properly, such as when employees share work equipment or use their own personal equipment.
On the positive side, the shift towards working from home accelerated the adoption of multi-factor authentication. This is a great opportunity that today’s digital businesses should seize.
In short, Srivastava advocates a zero trust approach. “It may sound harsh, but that’s the idea that you can’t trust devices, people, and apps by default,” he says. “Everything has to be authorized and authenticated. Users should always check, never trust, and organizations should pretend a breach has already occurred and work to shore up weak links in the security chain. Finally, organizations should allow as few people as possible to access information and data – and ensure that those who have access are adequately trained to recognize when a red flag is displayed.”
By applying all or even some of the advice above, companies can continue to thrive as the age of digital transformation progresses – with greater confidence and satisfaction all round.
Forbes Business Council member Merilee Kern, MBA, is an internationally respected brand analyst, strategist, and futurist reporting on notable industry changers, movers, shakers, and innovators across all B2B and B2C categories. This includes field experts and thought leaders, brands, products, services, travel destinations and events. Merilee is the founder, editor-in-chief and producer of “The Luxe List” as well as the presenter of the nationally syndicated TV show “Savvy Living”. As a prolific business and consumer trends voice of authority and tastemaker in the lifestyle and leisure industry, she keeps her finger on the pulse of the market and looks for new and innovative must-haves and exemplary experiences at all prices, from affordable to extremely affordable – even delving into the minds behind the brands. Her work reaches millions around the world through radio television (her own shows and numerous others in which she appears), as well as a variety of print and online publications. Connect with her at www.TheLuxeList.com and www.SavvyLiving.tv / Instagram www.Instagram.com/LuxeListReports / Twitter www.Twitter.com/LuxeListReports / Facebook www.Facebook.com/LuxeListReports / LinkedIn www.LinkedIn.com/in/MerileeKern.