1. Develop and continually update a security plan.
Do your homework. Research top-tier security products and advisors to choose the appropriate protection for your business. You will need tools and processes to quickly identify and isolate threats if they occur. Most importantly, re-evaluate your security plan often, recognizing the ever-changing threat. Casamba reviews and adjusts its security plan several times a year.
2. Create a culture of security awareness at your company.
A little bit of time and money spent on training and education can deliver immeasurable savings down the road.
Like most in our industry, Casamba believed that discussing security during company town halls and team meetings was sufficient to educate our staff regarding potential threats. But now we need to do more.
We are now working to create a culture where network security is top of mind for all employees. As part of this, we deployed a new security awareness program in which staff engage in frequent training and receive emails with security tips and tricks, and we even “phish-test” our employees to make sure our efforts are resonating.
3. Social media is the weakest link in the chain of network security.
Prior to deploying our security awareness program, we had seen cases where employees shared their travel plans, pictures from business events and similar information on their personal social media accounts. This information can easily be used in “spear phishing” against key individuals. In these situations, criminals gain people’s trust so that they will open a compromised link.
We are working hard to educate our staff on what is appropriate to share on social media and what is not. In the end, we want them to scrutinize any incoming communication, figure out who the true sender of an email is and understand their intentions.
4. Continually reevaluate the tools you use and the “open connections” (e.g., vendors, clients).
It’s these connections that cybercriminals look to exploit. In our efforts to keep re-evaluating our tools and “open connections,” we recently identified a new vendor that provides a superior platform to our technical staff. The platform offers access to the data center without the need for a VPN and resets the password after each use. This essentially eliminates the ability of an attacker to steal credentials.
5. “Shorten the distance” between the computer and the cloud service.
As with open connections, anything you can do to shorten the distance between a computer and the cloud services it uses can deliver benefits immediately. We employ edge computing because it does just that.
With COVID-19 forcing our staff to work remotely, we needed to create a secure environment where we can monitor the desktops and networks of our staff while they are using personal equipment on residential networks and, at times, serving others in their household.
To address these concerns, and following our adoption of edge computing, we deployed virtual desktops with multi-factor authentication. Through this, we have improved security by physically isolating the desktops from external users and unauthorized applications, as well as creating a more secure solution for our employees.