The last two years have been tumultuous for many organizations, and we have seen an explosion in demand for cybersecurity and Identity and Access Management solutions to help them adapt. Organizations are more reliant now than ever before on their IT systems to keep up with their clients, partners, and employees. Because the demand was so sudden, the cybersecurity policies and procedures that kept organizations safe in an in-person world had to rapidly shift to a remote-only world. This shift had to address an explosion in the number of devices and increased attack surfaces, and to support on-demand provisioning of IT tools (such as VPN). While that may sound a little scary, in reality it was a much-needed shift. We’ve seen more action in creating and revising cybersecurity policies, in both the private and public sectors, all in a bid to keep our workforces productive, our health carers caring, and the infrastructure we depend on standing tall.
What does this mean for you and your organizations? Hanno Ekdahl, founder of Idenhaus, sat down and chatted with Lee Kantor of Atlanta Business RadioX about the realities of cybersecurity in this day and age. We have summarized the key points Hanno talked about, and you can listen to the whole interview here. Let us know what you think in the comments section below, and if you have any questions you can contact us here.
In What Ways Can Idenhaus Help You With Your Cyber Security?
How does Idenhaus serve organizations? We help by providing advice grounded in best practices and years of experience. That process begins with evaluating an organization’s current security posture, identifying gaps in policies and systems, defining a more secure future state that addresses those challenges, and implementing those capabilities. Our seasoned team has an extensive history in cyber security, and helps organizations solve their most complex security challenges. So, what are a few of the things we look at and can help organizations with?
The old fashioned model of security depended on usernames and passwords. Of course, creating stronger passwords using passphrases can be helpful, but the use of passwords and usernames is (hopefully) on the outs as we move toward Zero-Trust. For most organizations, it can feel like you are trapped in the old model while trying to move to the newer, more secure models. Need help moving your organization over? Call Idenhaus!
Biometrics and Personally Identifiable Information:
There has been a trend to augment passwords with biometric credentials to validate a user’s identity when they log in. While the user experience with biometrics such as facial recognition or a fingerprint reader to open your device or log in to the network is seamless, there are inherent security issues that come with that technology. Privacy concerns with biometrics, such as facial recognition, relate to improper data storage that exposes biometric credentials to potential security threats. With facial recognition technology, the threat to individual privacy is a significant downside, and many people don’t like having their faces recorded and stored in a database for unknown future use. In response to these concerns, the EU has already started to regulate the types of data that can be stored or accessed by organizations, but as technology advances we have to balance the security benefits and convenience against the privacy concerns and ask ourselves, “Are the benefits worth the risk?”
Attribute Based Access Control Systems:
Moving from an office to a remote-only working model has been a big challenge for organizations and it raises new security concerns. When employees work from home all the time, anyone in their household could use their open workstation and access sensitive data. These concerns mean additional security measures are needed to protect against unauthorized disclosures. One of the great methods for organizations to keep their remote workforce secure is attribute based access control, where the system re-evaluates the validity of the user session based on current information on the user, device, and location. That means user sessions are re-evaluated and authenticated through several identifying attributes – for example, their IP address, geographic location, the time of access, and which device they log in with. If any of these attributes does not match policy, the user will have to re-authenticate and/or the session may be terminated.
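To make the session re-evaluation described above concrete, here is an added example (not Idenhaus code) that checks the four attributes named in the paragraph against a policy. The `Policy` and `SessionContext` types, the sample values, and the rule that an unknown device or multiple mismatches terminate the session while a single other mismatch forces re-authentication are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:                      # hypothetical policy shape
    allowed_networks: tuple        # CIDR strings the user may connect from
    allowed_countries: frozenset   # ISO country codes
    work_start: time               # access window, in the policy's timezone
    work_end: time
    registered_devices: frozenset  # device IDs enrolled for this user

@dataclass(frozen=True)
class SessionContext:              # attributes observed right now
    ip: str
    country: str
    device_id: str
    when: datetime

def evaluate_session(policy, ctx):
    """Return (decision, failed_attributes) for the current session state."""
    failed = []
    addr = ip_address(ctx.ip)
    if not any(addr in ip_network(net) for net in policy.allowed_networks):
        failed.append("ip")
    if ctx.country not in policy.allowed_countries:
        failed.append("location")
    if not (policy.work_start <= ctx.when.time() <= policy.work_end):
        failed.append("time")
    if ctx.device_id not in policy.registered_devices:
        failed.append("device")
    if not failed:
        return "allow", failed
    # Assumed tiering: unknown device or several mismatches end the session;
    # one other mismatch only forces the user to re-authenticate.
    if "device" in failed or len(failed) > 1:
        return "terminate", failed
    return "reauthenticate", failed

# Constructed sample data (documentation IP ranges, made-up device IDs).
POLICY = Policy(("203.0.113.0/24",), frozenset({"US"}),
                time(7, 0), time(19, 0), frozenset({"laptop-0042"}))
MORNING = datetime(2024, 3, 4, 9, 30)
NIGHT = datetime(2024, 3, 4, 23, 0)

if __name__ == "__main__":
    for ctx in (SessionContext("203.0.113.10", "US", "laptop-0042", MORNING),
                SessionContext("198.51.100.7", "US", "laptop-0042", MORNING),
                SessionContext("203.0.113.10", "US", "tablet-9", NIGHT)):
        print(ctx.ip, ctx.device_id, evaluate_session(POLICY, ctx))
```

Running the check on every request or on a short timer, rather than only at login, is what turns it into the continuous re-evaluation the paragraph describes.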
Sometimes it may seem like you don’t have anything a hacker might want, but the reality is that data is in high demand. Threat actors have demonstrated that they have few scruples about hitting infrastructure (like the oil pipeline attacks) and healthcare, because that data is worth money to someone on the dark web. Organizations should do regular cyber security assessments to identify and address security vulnerabilities and keep up to date with the fast-changing pace of cyber crime.
All in all, security is a big, ever-changing thing, and it pays to keep yourself abreast of the latest security threats. Remember some easy starter advice, and call Idenhaus for the rest:
- Always do your computer/tablet/phone updates as soon as you can. Updates contain patches to fix known security issues, and the more quickly you apply them, the less exposure you have.
- Keep a backup of your data; offline on an external hard drive, if possible.
- Change passwords when you have any question at all about your account security, and never reuse passwords across apps or machines.
- Don’t click on links or open attachments in an email from unknown senders. Always access your financial accounts directly from your workstation.
- Trust None, Verify All.