Category Archives: Internet Security
Matt Hancock has no answers for anything but he does have a six-point plan and a very small badge – The Independent
Given that Matt Hancock is currently failing to reach his own targets on coronavirus testing and ventilators, failing to have much of a clue how many thousands of people are dying from undiagnosed coronavirus in an unknown number of care homes, and failing to provide the proper protective equipment to prevent NHS doctors and nurses dying at work, you'd think he perhaps wasn't looking forward to facing the first ever video conference-based version of the Health Select Committee.
But nothing could be further from the truth. It's week four of lockdown now and, according to sources, the atmosphere has become so tense in the Hancock household that even two hours being torn to shreds over the laptop comes as a welcome relief.
The decision to hold parliamentary hearings over popular video conferencing service Zoom has been criticised by internet security experts since the moment it was announced, and it turns out they were right, as Russian hackers have leaked these extraordinary transcripts from Mr Hancock's house, recorded just moments before the meeting began.
Matt, why haven't you emptied the dishwasher?
Darling, I recognise, just as you do, that the dishwasher needs to be emptied. That is why today I am launching my five-pillar plan for dishwasher emptying. No dishwasher can hope to be emptied without engaging the plates, the cutlery, the mugs and the cereal bowls. Everyone must play their part. I get it. And that is why I am saying, today, that by the end of the month, that dishwasher will be empty.
Matt, I know you're busy but I can't do all the home schooling by myself. I just can't. You're going to have to help.
Listen, since this crisis began, my sole focus has been on ensuring that you do not become overwhelmed. If you can't cope, that has knock-on effects for the whole family. That is why, today, I am launching my six-point Mini Hancock battle plan.
Point 1. Switch on the telly. Point 2. Put Paw Patrol on. Point 3. Go back to staring at my phone. Point 4. OK, point 4 we'll worry about later, because by the time we're on to Point 2, I'll have launched a new seven-point plan anyway. But the point is this. I get it. I hear you. We will get through this crisis if we all do our bit.
Matt, I know you're the secretary of state for health at a time of the world's biggest ever public health emergency, and compared to you, I am nothing, but it's still your turn to take the bins out. I'm not doing it again.
Look, I want you to know that you are valued in what you do. People like you are the backbone of the Hancock household. And that is why, today, I am giving you a very, very small badge, with the word BINWOMAN written on it in tiny letters. To give you the recognition that you deserve.
Matt, your mother phoned. She said, when you do the Health Select Committee thing later, and they ask you why you've not sorted out the testing, or the PPE, or the ventilators, or the care homes, or anything else, just try and give a proper answer. Don't just come out with some new load of old crap about six-point plans and five-point pillars and three-point turns and all the rest of it. No one believes a word of it, she said. She said you're just making a wally of yourself.
OK, tell her, I'm going to level with her. The results on the Basic Credibility Of Her Son front are not where they should be. But that is why I am setting a new target, today, to stop talking complete bollocks, completely, by the end of April. As I said last week, we cannot get a grip on all the bollocks until we have a clear picture of where it is coming from. We have now completed that phase of the plan and we are now clear that the bollocks is coming from me.
Tell her that today I can announce that I have launched an independent inquiry into whether this new terrible outbreak of complete bollocks may even have escaped from a special Chinese bollocks laboratory that was secretly set up inside the UK secretary of state for health, which is to say, me.
Dominic Cummings has read a big book on Chinese Spies and he reckons Jeremy Hunt's wife's done it. Eamonn Holmes was talking about it on the telly this morning. Says it's got something to do with a giant lasagne they're making inside Wembley Stadium.
All I can say is that until that inquiry has concluded, please tell mum I'll do my best.
******
Hello secretary of state, it's Jeremy Hunt here. Thank you for joining us today. Can you tell us why it is that France estimates that 50 per cent of its Covid-19 deaths have happened in care homes, and your estimates put the figure in the UK at two per cent? That's just not realistic, is it?
Well chair, what I can tell you is that today I am launching a twenty-two-sided triangle for social care, we are ramping up that triangle and by the end of the month, it may even be a nine-point square. In the meantime, it is very important that
Read more here:
Matt Hancock has no answers for anything but he does have a six-point plan and a very small badge - The Independent
Investment opportunities in the internet sector – Times of Malta
Despite the fact that the impact of COVID-19 and the expected recession has far-reaching implications, one sector which may offer interesting opportunities is the internet sector. The internet has grown to encompass a diverse range of businesses and underlying exposures, therefore individual company selection remains key at this point.
While the human and economic impact of COVID-19 is massive and far more important, the degree to which this crisis will serve to accelerate the adoption of new technologies, drive eCommerce share gains, and transform the online media and advertising industries seems difficult to overstate. By way of example, Amazon Inc. made headlines on Tuesday for its share price reaching an all-time high in the midst of arguably the worst global crisis of our generation, now dubbed the Corona Crisis. This was mainly attributed to the recent explosion in the company's online grocery business.
In short, the key is to identify businesses that have strong balance sheets and ongoing revenue streams despite the crisis, such as Alphabet, Netflix and PayPal. Elsewhere though, travel, leisure and real estate companies such as Expedia and TripAdvisor are examples of companies which should be avoided at this stage.
Opportunities are being created by a sharp increase in online engagement, driven by the need to stay at home. Streaming services, social media and online education, each already a large and mature category, have all seen significant acceleration in traffic growth and time spent.
For subscription services like Netflix, it is safe to assume that a large boost to subscriber net additions will be material and sustainable, given the stickiness of these services and the disruption to production schedules and live events at competing services. For ad-supported services like Alphabet, Facebook and Twitter, while there is significant disruption to revenues as advertisers freeze spend, analysts argue that the increase in online engagement is creating long-term incremental ad inventory that will be positive as advertising resources are reallocated.
It is almost inevitable that eCommerce will be considered the most defensive and attractive sub-segment within the internet sector, since the shutdown of brick-and-mortar retail stores in many parts of the world has pushed people to go online.
Even notoriously impacted retail companies such as Inditex and Next, who have an established online shopping store, are well positioned to benefit, mitigating at least in part the effect of the crisis. Investments currently being made in infrastructure and delivery could lead to a massive competitive advantage beyond the crisis.
The demand for and development of new technologies has seen an explosion in the number of users of home technologies like Zoom, and its emerging role as a social network has been the most notable example of accelerated technological adoption within the internet sector.
Zoom recently experienced security and privacy issues, which highlights the continued importance of internet security companies as an attractive sub-segment of the internet sector. The explosion of at-home fitness, most notably Peloton, will also be sustained by the 63 million gym members in the US who are likely to be slow to return given ongoing health concerns.
Similarly, online dating services have seen increased usage (the length of Tinder's conversations has reportedly grown 10-30 per cent) and accelerated adoption of new features, such as live video. Beyond direct economic impacts, there is the question whether going forward we are at the dawn of a new way of living, with the potential for a more sustained preference for 'work-from-home'.
This will have long-term implications for several businesses, highlighting the importance of the value of management execution, financial flexibility, and the ability to innovate, with household names like Amazon and Netflix set to benefit the most as well as any potential new technologies that service the industry.
Disclaimer: This article was issued by Simon Psaila, investment manager at Calamatta Cuschieri. For more information visit http://www.cc.com.mt. The information, view and opinions provided in this article are being provided solely for educational and informational purposes and should not be construed as investment advice, advice concerning particular investments or investment decisions, or tax or legal advice
See the rest here:
Investment opportunities in the internet sector - Times of Malta
Best internet security suites of 2020: anti-virus and anti-malware cyber security – TechRadar
Internet security suites offer a comprehensive range of protection for your online devices. While antivirus is always the base feature, others that these packages might offer include ransomware protection, a VPN and even a password manager. These really are all-singing, all-dancing online security downloads for those wanting the best possible protection.
And it's not just desktops and laptops that can benefit from internet security suites, as there are also versions for Android and iPhone smartphones. Because they cover multiple devices (usually five or more), you can protect all of your and your family's gadgets on one easy plan, Windows and Macs both included.
Some providers also offer a rescue disk feature to rollback any existing attack, and encryption software for added security protection is also commonly included. Many now also come with additional privacy features, and a firewall as standard.
While internet security suites and antivirus packages are commonly aimed at domestic consumers, also note services that are specifically aimed at businesses, such as cloud antivirus and endpoint protection, which offer business-grade protection. There are also online cyber security courses available to help improve staff awareness.
Whichever internet security suite you're looking for, and for whatever device, you'll end up with more than just basic software with our selection of the best. Here are the ones we think are currently best on the market.
Beefy protection across all fronts, plus PC maintenance tools
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 10 | Stand out features: Safepay online banking protection, high-quality ransomware defenses, web protection module
Huge range of features
Excellent web surfing protection
30-day trial (no card details needed)
Potential performance impact
Bitdefender Total Security is the well-respected security firm's top-of-the-range package, and it comes positively bristling with features as a result.
You get (deep breath) antivirus plus impressively capable ransomware protection, a firewall, Wi-Fi security advisor, a secure browser (Safepay) for online banking, file shredder, vulnerability scanner, password manager, email spam filter, parental controls, webcam and microphone defenses, and more besides (including a superb web protection module for blocking malicious URLs).
As well as security features, Total Security provides various PC maintenance and optimization tools. These are somewhat useful in themselves, for cleaning out superfluous files and streamlining boot times, but more importantly, Bitdefender's flagship package also covers more than just Windows devices, providing apps for Macs, along with Android and iOS mobiles.
As it's only marginally more expensive than Bitdefender Internet Security (the firm's mid-tier security suite), it's well worth the upgrade to Total Security if you have multiple devices across different platforms to protect.
About the only fly in the ointment is that Bitdefender Total Security may exact a bit more of a toll on the performance front than the best of the competition, although we found it to be around average in terms of any slowdown caused on our PC. Your mileage may vary, and indeed you may notice nothing at all.
Another plus point with Total Security is that there's a 30-day trial, with no payment details needed; you just have to supply an email address. That means you can try out the security suite yourself for a full month, and see if there's any performance impact on your own PC, before committing to buying.
An intelligent security suite that's great value for money
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 10 | Stand out features: Safe Money secure web browser, intelligent adaptive protection, Safe Kids parental controls
Excellent virus engine
Top-notch parental controls
By far the best value in the Kaspersky range
Some features are only so-so quality
Kaspersky Total Security is another veteran of the security world, and as you might expect, it delivers top-quality defenses with some impressively intelligent adaptive protection capabilities (like warning you if a password you've just chosen is too weak).
One of the issues with the entry-level Kaspersky Anti-Virus package is that it's rather flimsy when it comes to extra features, sticking to the core basics and not delivering much else. Which is why it makes good sense to go for Kaspersky Total Security, mainly because it provides far more functionality and doesn't cost much more than Kaspersky Anti-Virus (in fact, with the discounts on plans at the time of writing, it can be the same price or even cheaper to get Total Security, so you'd be foolish not to, really).
Total Security gives you all the basics, including fast, accurate and highly configurable virus scans. On top of that, you get an intelligent firewall (it doesn't plague you with pop-up messages asking what to do), a secure web browser, protection from webcam hijacking, a software updater and a file backup tool, along with a solid password manager and Kaspersky's Safe Kids module.
The latter is an excellent parental controls system with some smart social media monitoring tools. While not all the features are up to this standard (some extras, like the troubleshooting wizards and spam filter, are wobbly around the edges), overall you're getting a hell of a lot for your money here.
Offers an integrated VPN, and keeps the whole family safe
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 5 | Stand out features: Parental controls, VPN, online backup, dark web monitoring (US)
Light on system resources
Fully integrated VPN
Superb parental controls
There's no trial version
When we evaluated all of NortonLifeLock's security suite options, we picked out Norton 360 Deluxe as the best value all-round choice for anyone who's looking to protect more than a single device, which is likely the majority of folks.
There's a wealth of features here, including excellent antivirus protection coupled with a very light touch when it comes to resource usage, bundled with webcam protection, dark web monitoring (for US users only, mind) and a system of parental controls.
The parental controls are top-notch, by the way, including in-depth monitoring systems to keep an eye on what your kids are doing online, and even GPS tracking for their mobile devices. Norton's even stronger than Kaspersky in this department, and that's saying something.
There are some truly worthwhile extras included here, too, like a fully integrated VPN (which could be a big money-saver in itself) and 50GB of online backup storage (ditto).
Norton 360 Deluxe will cover up to five devices (and that means you can use the VPN with those five bits of hardware as well), either Windows or Mac PCs, plus there are mobile apps for Android and iOS. Pricing is highly competitive compared to rivals, so you should definitely consider this Norton package particularly for family usage given the very thorough parental controls.
Sterling malware and ransomware protection in a beginner-friendly package
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 10 | Stand out features: Folder Shield anti-ransomware, high-quality URL filter, password manager
Multi-layer anti-ransomware
Streamlined user-friendly interface
Impressive range of features
Experts may want more configuration options
There's a lot to like about Trend Micro's flagship security suite, Trend Micro Maximum Security, not the least of which is its polished and user-friendly interface, backed up by robust virus protection and multi-layered anti-ransomware defenses.
The package also gives you better-than-average URL filtering for safer web browsing, and this system is smartly configurable, too. That said, one slight weak point with Trend Micro's offering is that there isn't a huge amount of low-level control (such as virus scan options), so more demanding users may find it lacking here.
Maximum Security also provides parental controls, social network protection and PC maintenance tools, although the latter isn't a strong suit. It also boasts data theft prevention countermeasures, a secure vault for storing sensitive files, and an impressive integrated password manager.
Less tech-savvy types will appreciate the ease of use here, which also goes for the capable mobile apps. There's a 30-day trial as well, so you can thoroughly check all this out for yourself before buying.
A quality all-rounder security solution
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 10 | Stand out features: Ransomware Shield, Wi-Fi Inspector, SecureLine VPN
Well-featured suite
Bundled VPN
Plentiful configuration options
Some impact on PC performance
Upselling of other products is unwelcome
Avast is best known for its excellent free antivirus product, but the firm also provides an impressive all-round security solution in the form of Avast Ultimate. This is another offering which bundles a full VPN, giving you far more protection online than a typical antivirus suite, and making Avast Ultimate a value-packed buy for those who are also thinking of picking up a VPN.
Avast's SecureLine VPN may not compete with the best VPN providers out there, but it delivers a solid enough, and importantly speedy enough, service. Avast Ultimate also sports a decent password manager, a secure browser, and some excellent network protection measures.
This suite has plenty of options for experts to play with in terms of configuration, and has solid enough antivirus defenses, backed up by a very commendable Ransomware Shield for extra protection on that front.
There are some minor irritations here, notably some of Avast's unwelcome attempts to flog its other products in a paid-for suite, and we observed a little system slowdown in our review. But these niggles aside, if you need a VPN as well as antivirus, Avast Ultimate is a great choice.
Supremely streamlined and fast-performing security suite
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 5 | Stand out features: Password manager, identity protection, 70-day money-back offer
Unbelievably lightweight app
Really quick scan times
LastPass-powered password manager
Question marks over antivirus engine
iOS app is limited
Webroot majors in being incredibly lightweight and fast-performing. Indeed, it has a minuscule memory footprint, and takes up next to no space on your system drive, as the product's virus definitions are all stored in the cloud.
Yet despite this minimal impact on your machine, Webroot Internet Security Plus comes with plenty of features. There's online banking and identity theft protection, plus webcam protection, an accurate anti-phishing system, and a password manager (which is actually powered by LastPass, one of the most trusted names in password management, so you can be assured of the quality here).
Downsides? Well, you might get lightning-quick malware scans, but Webroot's antivirus engine hasn't been evaluated by the big-name independent testing labs in recent times. That's not necessarily bad, but from what we've seen ourselves, and what ratings are out there, there's something of a mixed picture of its antivirus accuracy. Also bear in mind that the iOS app doesn't offer malware scanning (it consists of a secure browser, backup and password manager).
Still, Internet Security Plus is a well-rounded package, and a 70-day 100% money-back guarantee shows Webroot's confidence in its suite.
Demanding users will really appreciate ESET's configurability
Operating system: Windows, Mac, Linux, Android | Maximum devices covered: 5 | Stand out features: Network protection, password manager, anti-theft feature
Highly configurable
Very light on system resources
Some features are underpowered
Independent lab test results aren't the best
ESET Smart Security Premium packs in a lot of features, including parental controls, network monitoring, additional network protection, webcam protection and secure file encryption, and an anti-theft feature for Windows devices (allowing for location tracking, and more) is an interesting bonus.
That said, the quality of some features can vary: for example, the system of parental controls is pretty barebones, but the password manager is very well fleshed-out. ESET also offers plenty of configuration options, which will please experts, although computing novices may find it tricky to get to grips with in some respects.
ESET's core antivirus protection seems solid, albeit with some mixed evaluations from independent testing labs.
Bear in mind that ESET Smart Security Premium isn't a great value proposition for longer-term subscriptions either, but it's fine for a one-year plan, and a decent shout for an all-round solid security suite (plus it covers Linux, too).
Way better value than McAfee's entry-level antivirus
Operating system: Windows and Mac, Android and iOS | Maximum devices covered: 5 | Stand out features: Configurable firewall, password manager, performance boosting tools
Browsing and app performance boosters
High-quality spam filter
Decent value
Clunky interface
Only average malware protection
As the name suggests, McAfee's baseline product, Total Protection Individual, only covers one individual device. And if you're thinking of buying it, and you own more than just a Windows PC, then you're almost certainly better off purchasing McAfee Total Protection Multi-Device. For not much more money, you get a sound security suite which protects up to five Windows or Mac computers and Android or iOS devices. US customers also get a useful additional extra in the form of identity theft protection.
McAfee's interface is simple and streamlined, which keeps things easy for beginners, although it'll likely be too sparse for more experienced users. The UI also suffers from some annoying quirks.
Independent test lab reports suggest McAfee Total Protection offers solid enough antivirus defenses, if not class-leading. Overall, McAfees suite represents reasonable value and a decent choice in the Multi-Device package, with some nifty extras for boosting web browsing and app performance.
Read the original:
Best internet security suites of 2020: anti-virus and anti-malware cyber security - TechRadar
The security conundrum of 5G network slicing – Urgent Communications
One benefit of moving to a standalone 5G network is that it makes it possible for wireless operators to implement network slicing, which means they can run multiple dedicated networks that all share a common physical infrastructure. Each network slice can have its own characteristics and identity, but that also means it will have its own risks.
For example, one slice might be intended for an augmented reality (AR) use case and therefore be provisioned for high throughput and low latency. Another network slice might be intended for an Internet of Things (IoT) use case and be provisioned for extreme reliability and a lower speed. Using network slicing, operators will be able to partition their networks for these different use cases and run them independently.
This network slicing vision is appealing because it will let operators develop different business cases for each slice. But it is also a challenge because wireless operators will need to make sure that each network slice is protected from interference from the other slices and immune to distributed denial of service (DDoS) attacks and other security breaches. "The security challenge is to provide different dynamic security policies for different slices," said Sree Koratala, vice president of product management for network security at security company Palo Alto Networks. "For example, enterprise-grade security is needed for enterprises served by 5G network slices."
No standard
How operators handle the security of their network slices is up to them. The 3GPP, an industry standards group, has defined specifications for how operators build their 5G networks, but it hasn't developed any protocol for how security should be handled for network slicing.
However, the GSMA, an industry trade group, has created a security document that provides recommendations to operators on how to detect and prevent attacks that use the GPRS Tunnelling Protocol user plane (GTP-U), the encapsulation that carries subscriber traffic between the radio network and the core.
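To make the GTP-U point concrete: on the N3 interface a gNB sends subscriber traffic to the core inside GTP-U tunnels over UDP port 2152, and a peer that can reach that port can inject packets carrying a guessed or stolen tunnel endpoint identifier (TEID) into another slice's traffic unless the receiving function checks each packet against the tunnels it actually set up. The Python block below is an added example written for this page, not code from the article, Light Reading, 3GPP or the GSMA. It parses the GTPv1-U header as laid out in 3GPP TS 29.281 (flags, message type, length, TEID, optional sequence number and extension headers) and then applies a per-slice policy that is this example's own assumption: a G-PDU is accepted only when its TEID was allocated on this slice and it arrives from the peer the tunnel was set up with, path-management messages must carry TEID 0, and anything malformed is dropped. The session table, peer addresses and sample packets are constructed.

```python
"""GTPv1-U header parser with per-slice TEID/peer validation.

Added illustration for the slicing discussion above, not code from the article,
3GPP or the GSMA. The session table, addresses and sample packets are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

GTPU_UDP_PORT = 2152
MSG_ECHO_REQUEST, MSG_ECHO_RESPONSE = 1, 2
MSG_ERROR_INDICATION, MSG_END_MARKER, MSG_GPDU = 26, 254, 255


class GtpuError(ValueError):
    """Raised for a packet that violates the header layout."""


@dataclass
class GtpuPacket:
    msg_type: int
    teid: int
    seq: Optional[int]
    payload: bytes  # bytes after the header and any extension headers


def parse_gtpu(data: bytes) -> GtpuPacket:
    """Parse the 8-byte mandatory header, the optional fields and extension headers."""
    if len(data) < 8:
        raise GtpuError("shorter than the mandatory 8-byte header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if flags >> 5 != 1:
        raise GtpuError(f"GTP version {flags >> 5} is not GTPv1")
    if not flags & 0x10:
        raise GtpuError("PT=0 (GTP') is not user-plane traffic")
    if length != len(data) - 8:  # length counts everything after the mandatory header
        raise GtpuError(f"length field {length} but {len(data) - 8} bytes follow the header")
    body, seq = data[8:], None
    if flags & 0x07:  # E, S or PN set: all three optional octets plus next-ext type are present
        if len(body) < 4:
            raise GtpuError("optional fields flagged but truncated")
        if flags & 0x02:
            seq = struct.unpack("!H", body[:2])[0]
        next_ext, body = body[3], body[4:]
        while next_ext:  # each extension header: length in 4-octet units, content, next type
            if not body or body[0] == 0 or len(body) < body[0] * 4:
                raise GtpuError("malformed extension header")
            ext_len = body[0] * 4
            next_ext, body = body[ext_len - 1], body[ext_len:]
    return GtpuPacket(msg_type, teid, seq, body)


def check_packet(src_ip: str, data: bytes, sessions: Dict[int, str]) -> Tuple[str, str]:
    """Assumed policy for one slice's N3 interface; returns (verdict, reason).

    `sessions` maps each TEID allocated for this slice to the peer (gNB address)
    the tunnel was set up with; in a real core it would come from session management.
    """
    try:
        pkt = parse_gtpu(data)
    except GtpuError as exc:
        return "drop", f"malformed: {exc}"
    known_peer = src_ip in sessions.values()
    if pkt.msg_type in (MSG_ECHO_REQUEST, MSG_ECHO_RESPONSE):
        if pkt.teid != 0:
            return "drop", "echo message with non-zero TEID"
        return ("accept", "path management") if known_peer else ("drop", "echo from unknown peer")
    if pkt.msg_type in (MSG_ERROR_INDICATION, MSG_END_MARKER):
        return ("accept", "control") if known_peer else ("drop", "control message from unknown peer")
    if pkt.msg_type == MSG_GPDU:
        if pkt.teid == 0:
            return "drop", "G-PDU with TEID 0 (reserved for path management)"
        expected = sessions.get(pkt.teid)
        if expected is None:
            return "drop", f"TEID {pkt.teid:#010x} not allocated on this slice"
        if expected != src_ip:
            return "drop", f"TEID {pkt.teid:#010x} belongs to {expected}, not {src_ip} (possible spoof)"
        if not pkt.payload or pkt.payload[0] >> 4 not in (4, 6):
            return "drop", "G-PDU payload is not an IPv4/IPv6 packet"
        return "accept", "G-PDU on a known tunnel"
    return "drop", f"unexpected message type {pkt.msg_type}"


def build_gtpu(msg_type: int, teid: int, payload: bytes = b"", seq: Optional[int] = None) -> bytes:
    """Encode a GTPv1-U packet; used here only to construct sample traffic."""
    flags, optional = 0x30, b""  # version 1, PT=1
    if seq is not None:
        flags |= 0x02
        optional = struct.pack("!HBB", seq, 0, 0)  # seq, N-PDU (unused), no extension header
    body = optional + payload
    return struct.pack("!BBHI", flags, msg_type, len(body), teid) + body


# Constructed session table for one slice: TEID -> gNB address that owns the tunnel.
SESSIONS = {0x1A2B3C4D: "10.0.3.2", 0x00000042: "10.0.3.5"}
IPV4_PAYLOAD = b"\x45" + b"\x00" * 19  # minimal IPv4 header shape, constructed

if __name__ == "__main__":
    samples = [
        ("10.0.3.2", build_gtpu(MSG_GPDU, 0x1A2B3C4D, IPV4_PAYLOAD)),
        ("10.0.3.9", build_gtpu(MSG_GPDU, 0x1A2B3C4D, IPV4_PAYLOAD)),  # right TEID, wrong peer
        ("10.0.3.2", build_gtpu(MSG_GPDU, 0xDEADBEEF, IPV4_PAYLOAD)),  # TEID from another slice
        ("10.0.3.2", build_gtpu(MSG_ECHO_REQUEST, 0, seq=7)),
        ("10.0.3.2", b"\x30\xff\x00\x10\x00\x00\x00\x00"),  # length field lies
    ]
    for src, pkt in samples:
        print(src, *check_packet(src, pkt, SESSIONS))
```

Run stand-alone it prints a verdict for each constructed sample. The check is deliberately stateful: a TEID on its own proves nothing, since TEIDs are 32-bit values an attacker can enumerate, so the binding to the peer that set the tunnel up is what keeps one slice's tunnels from being reachable from another. In production this logic lives in the UPF or a GTP-aware firewall fed by the session management function, not in a script.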
To read the complete article, visit Light Reading.
Visit link:
The security conundrum of 5G network slicing - Urgent Communications
Why you can’t trust your vote to the internet – CyberScoop
Written by Brett Winterford Apr 13, 2020 | CYBERSCOOP
A common adage in information security is that most startups dont hire their first full-time security engineer until theyve got around 300 employees.
If an app only stores public data and has no need to authenticate users, that might not present much of a problem. But when an app needs to be trusted to protect the confidentiality of a person's political preference, it's something else entirely.
It's why Tusk Philanthropies, an organization devoted to bringing mobile voting to the masses, is playing matchmaker between a half-dozen mobile voting startups and the security experts who can help bring them up to snuff.
The team at Trail of Bits, a boutique software security firm based in New York, was commissioned by Tusk in late 2019 to conduct a thorough white-box security test of mobile voting app Voatz, an app used in five states. The testers would have full access to all the source code and documentation they required to discover security gaps and recommend fixes.
The code looked sound, as it was clearly written by highly competent engineers. But after waiting over a week for the technical documentation they requested from the startup, the Trail of Bits team had nothing to work from beyond a single page that amounted to a security policy.
"After several meetings it became clear why we weren't getting the documents we wanted," says Trail of Bits CEO Dan Guido. "The person preparing them was the CEO."
The company's two co-founders were responsible for maintaining its substantive code base while straddling the complexities of running the Voatz business.
In total, Trail of Bits published 79 vulnerabilities in the app, a third of them high-severity. While some of the more avoidable misconfigurations found in the code became a source of mockery, dwelling on the folly of any one bug was missing the point, according to Evan Sultanik, the lead tester on the project.
"I'm less concerned about finding hard-coded encryption keys copied from Stack Overflow in the code base," he told Risky Business. "I'm more worried that those keys were still in the code base since the last time it was used in 2018. There was a lot of evidence that this company is moving very, very fast and trying to keep up with the new requirements of each new election the app is used in. They are developing features on the fly."
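Hard-coded keys of the kind Sultanik describes are the sort of defect a repository scan catches long before an audit, and the fact that they survive from one election cycle to the next is exactly what a scan run in continuous integration prevents. The Python block below is an added example written for this page, not code from Trail of Bits, Voatz or the article, and it reproduces no finding from the Voatz report. It combines two heuristics that are this example's own assumptions: a variable whose name smells of key material being assigned a string literal, and any hex- or base64-shaped literal with high Shannon entropy regardless of its name; placeholders such as `${AES_KEY}` or `<set per message>` are ignored so that configuration templates do not drown real hits. The sample source it scans is constructed.

```python
"""Scanner for hard-coded key material in source text.

Added illustration for the audit discussion above, not code from Trail of Bits
or Voatz. The name keywords, entropy threshold and sample source are this
example's own choices.
"""
import math
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    snippet: str


# name = "literal" or name: "literal" (byte literals too); literal of at least 8 characters
ASSIGNMENT = re.compile(r'(?P<name>[A-Za-z_][\w.]*)\s*[:=]\s*b?["\'](?P<value>[^"\']{8,})["\']')
# any quoted literal of 16+ characters drawn from the hex/base64 alphabet
LITERAL = re.compile(r'["\']([A-Za-z0-9+/=]{16,})["\']')
# template variables, angle-bracket prompts, SHOUTING_CONSTANTS and masked values are not secrets
PLACEHOLDER = re.compile(r'^(\$\{.*\}|<.*>|[A-Z_]+|\*+|x+)$')
KEYWORDS = {"key", "secret", "password", "passwd", "pwd", "token", "salt", "iv", "apikey"}


def shannon_entropy(s: str) -> float:
    """Bits per symbol: random hex approaches 4.0, random base64 approaches 6.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def name_tokens(name: str) -> List[str]:
    """Split AES_KEY, aesKey or cfg.api_key into lower-case words."""
    spaced = re.sub(r'(?<=[a-z0-9])(?=[A-Z])', '_', name)
    return [t for t in re.split(r'[._]+', spaced.lower()) if t]


def scan(source: str, min_entropy: float = 3.5) -> List[Finding]:
    """Return at most one finding per line, the name-based rule taking precedence."""
    findings: List[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # comment-only lines skipped for brevity; a real scanner would read them too
        m = ASSIGNMENT.search(line)
        if m and KEYWORDS & set(name_tokens(m.group("name"))) and not PLACEHOLDER.match(m.group("value")):
            findings.append(Finding(line_no, "named-secret-literal", line.strip()))
            continue
        for literal in LITERAL.findall(line):
            if not PLACEHOLDER.match(literal) and shannon_entropy(literal) >= min_entropy:
                findings.append(Finding(line_no, "high-entropy-literal", line.strip()))
                break
    return findings


# Constructed sample source for this example; it is not taken from any real code base.
SAMPLE_SOURCE = """\
import os
# constructed sample for this example, not any real code base
AES_KEY = "0123456789abcdef0123456789abcdef"   # 128-bit key pasted into the source
DB_PASSWORD = "changeme123"
HMAC_SECRET = os.environ["HMAC_SECRET"]        # loaded at runtime: not flagged
iv = "<set per message>"                       # placeholder, not a value
banner = "Welcome to the voting portal"
jwt = {"k": "c2VjcmV0X2tleV9mb3JfdG9rZW5z"}    # innocuous name, key-shaped value
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
```

Against the constructed sample this reports lines 3, 4 and 8 and stays quiet on the key read from the environment, the placeholder and the banner string. The two rules cover each other's blind spots: the name rule catches low-entropy secrets like `changeme123`, the entropy rule catches key material hidden behind a neutral name. The remediation the entropy rule points at is the one line 5 already shows, loading the secret at runtime from the environment or a key store rather than from the repository.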
With elections in the United States run and governed separately by each state, the functional requirements for any given voting system vary dramatically. None of the pilots are large enough to generate any meaningful revenue.
All the commercial electronic voting vendors will face the same time and resource constraints, Guido said. Software security and cryptography expertise is rare and expensive. I wish I had more of them.
He credits Tusk Philanthropy for co-funding security reviews for election system startups, some of whom couldnt afford them until they get significant scale. Tusk is doing so with the hope of eventually convincing the world that mobile apps will prove a safe, secure and convenient solution to voting systems that disenfranchise large swaths of the population.
Security testing might be more affordable if there were a global or national standard to test every election app against. But today, none exists. Election security expert Harri Hursti said that there are no criteria governing the accreditation of voting devices used at polling stations.
"They are not tested," Hursti said. "In many states, the vendors certify themselves against whatever standard they choose and the evaluators are commissioned by the vendors."
Hursti has spent the better part of 20 years shining a light on the lax security in voting systems. He co-founded the DEF CON Voting Village, in which hackers are encouraged to try to break voting machines picked up off eBay and in government surplus auctions. He's also been featured in two HBO documentaries, Hacking Democracy and Kill Chain.
Hursti credits California and Ohio for setting tougher testing criteria, but adds that testing spends a disproportionate amount of effort on safeguarding against a voter being electrocuted at the polling place compared to securing the data they submit.
"Even with the bar as low as you could set it, there is no meaningful security testing," he said. "It doesn't exist."
The federal government does maintain voluntary guidelines for voting machines in the polling place. But these have traditionally covered just about every aspect of the device apart from its security characteristics. A second version released in draft in late February introduced basic requirements around access control, data protection and detection and monitoring.
The revised standard emphatically states, for the first time, that no device or component of an election system should use external network connections. But it excludes any device that allows voters to mark a ballot outside a polling place, leaving very little guidance for election officials that wish to run remote elections.
Hursti believes that a set of federal standards written by security professionals at a body like the National Institute of Standards and Technology, together with election officials, should be made mandatory. But he isn't holding his breath.
"There is a strong feeling that any federalization of elections is unacceptable even in areas where it makes sense," he said. "CISA is offering a lot of free services and tools to the states to help them secure the elections. There are a number of states that refuse to take free help, because their attitude is that this has to remain a state issue."
One of the key selling points for the Voatz app was that it would use the properties of a decentralized blockchain to record a voter's preference in some immutable yet auditable way.
This was what captured the attention of Mike Specter, a Ph.D. student at Massachusetts Institute of Technology who, unbeknownst to Trail of Bits, had started reverse engineering the Voatz app with one of his peers, with nothing guiding them but their own curiosity.
"As academics we'd previously explored all the theories of how you might use the blockchain to solve problems at the ballot box," he said. "And our conclusion before we had ever studied any implementations in great detail was that even at a theoretical level, a blockchain doesn't solve the core technical issues related to voting that would make elections more secure, and could in fact introduce further vulnerabilities."
No matter where their research led, Specter would always return to a basic problem: "Couldn't someone just hack your phone and get the key? So why does any of this other stuff matter? The underlying problem is that consumer-grade devices are not that secure and don't stand up to the sort of adversaries that have the capability of buying zero-days and going after devices en masse. There have been insane amounts of losses from digital currency that is inaccessible due to people losing their keys or having their keys stolen. That logically led us down the path of asking ourselves what Voatz was doing, seeing as they make claims to use the blockchain to great effect."
Specter and fellow Ph.D. student James Koppel conducted a two-week black box study of the Voatz app. Without access to the Voatz source code, server or documentation, the two students had to painstakingly reverse-engineer the app to understand how it functioned.
"As far as we could tell at the time, no one had ever publicly released a security review of Voatz," Specter said. "Any publicly available audits didn't seem like audits in the computer security sense, and more so audits in the user testing sense. The fact the app works as intended is not the same as testing for what an adversary can do with this thing. There was also no whitepaper to explain what their architecture was. They talked of it including a mixnet, hardware-based key storage and lots of other security attributes that put together, you could hallucinate a number of these schemes, but we could find no evidence of it. We started pushing on it and it kept getting a little more weird."
Tellingly, the duo turned up some of the same misconfigurations and missing features that the Trail of Bits study would later document. In the case of two young Ph.D. students, Voatz was confident it could refute their findings. If they hadn't seen the full picture, its founders reasoned, how could they know whether it was secure?
Specter has huge respect for election officials and the very difficult challenges they face. But he urges them not to be swayed by big buzzwords like blockchain and AI. They will get far better results if vendors are simply forced to be transparent: vendors should be held to stronger testing regimes, and their source code should be open for analysis. He remains hopeful that a more rigorous set of security requirements enforced by one or more larger states will become a de facto standard for others to follow.
Jennifer Morrell, expert adviser to the Cybersecurity and Infrastructure Security Agency, agrees that online voting solutions are not ready for use in the November general election, but also hopes the academic and technology communities will keep pushing the boundaries to find workable solutions for remote voting.
"I understand all the security issues around internet voting, but we should always be exploring and pushing for better ways to do this," she told Risky Business. "We're not ready for November, but well before the next election we need to sit down with clarity and think about how to solve this together."
The most promising technology that might be applicable to remote marking of ballots would be homomorphic encryption, a form of cryptography in which a computation carried out on ciphertexts yields an encryption of the result that the same computation would produce on the plaintexts, so data can be processed without ever being decrypted.
If homomorphic encryption were performant, Hursti says, it could preserve the privacy and secrecy attributes required for elections without compromising on auditability.
Today, homomorphic encryption is used in academic papers more so than in practice. To complicate matters, laws in some states insist that the common person has to be able to understand how votes are counted and how the election is ordered with no special training and tools.
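As an added illustration of the privacy-plus-auditability property Hursti describes (example code written for this page, not code from the article, Voatz, or any other vendor), here is a toy election tally on top of the Paillier cryptosystem, which is additively homomorphic: the tally server only multiplies published ciphertexts, individual ballots are never decrypted, and any observer can recompute the encrypted total from the bulletin board. The primes are constructed demo values, and the zero-knowledge proofs a real scheme needs to stop a voter encrypting an out-of-range ballot are left out.

```python
"""Additively homomorphic vote tally with Paillier encryption.

Added illustration; not code from the article, Voatz, or any other vendor.
Keys are toy-sized (constructed primes) so the arithmetic stays readable.
A real scheme also needs zero-knowledge proofs that every ballot encrypts a
well-formed value; this example does not implement them.
"""
import math
import secrets

# Constructed demo primes (the 10,000th and 100,000th primes); far too small for real use.
P_DEMO, Q_DEMO = 104729, 1299709


def keygen(p=P_DEMO, q=Q_DEMO):
    """Return (public, private) Paillier keys using the common choice g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) == lam mod n
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r, so equal votes look different."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(priv, pub, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


def add_encrypted(pub, ciphertexts):
    """Multiplying ciphertexts mod n^2 adds the plaintexts: the tally server's only job."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def encode_ballot(choice, base):
    """One counter per candidate, packed in base `base` (base must exceed the voter count)."""
    return base ** choice


def cast_ballots(pub, choices, base):
    """Each voter encrypts their own ballot; only ciphertexts leave the device."""
    return [encrypt(pub, encode_ballot(c, base)) for c in choices]


def unpack_tally(total, num_candidates, base):
    """Split the decrypted packed sum back into one count per candidate."""
    counts = []
    for _ in range(num_candidates):
        counts.append(total % base)
        total //= base
    return counts


def tally(priv, pub, ciphertexts, num_candidates, base):
    """The trustee decrypts the aggregate only; no single ballot is ever decrypted."""
    total = decrypt(priv, pub, add_encrypted(pub, ciphertexts))
    return unpack_tally(total, num_candidates, base)


def audit_board(pub, ciphertexts, published_total):
    """Anyone holding the public bulletin board can recompute the encrypted total."""
    return add_encrypted(pub, ciphertexts) == published_total


def run_demo():
    pub, priv = keygen()
    choices = [0, 2, 1, 0, 0, 2, 1, 0]  # constructed ballots for three candidates
    base = len(choices) + 1              # a counter can never overflow into the next slot
    board = cast_ballots(pub, choices, base)
    encrypted_total = add_encrypted(pub, board)
    assert audit_board(pub, board, encrypted_total)
    return tally(priv, pub, board, 3, base)


if __name__ == "__main__":
    print(run_demo())  # [4, 2, 2]
```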
"We are lacking fundamentals," Hursti says. "We can't lock the 10 smartest people in the world in a room and expect to solve the problem. This is a problem we'll need to think about for the next 40 years. The good news is [that] if you solve problems like this for elections, you would likely greatly improve the security of a lot of other applications."
"There are lots of areas where more security research is more urgently needed," he said. "How do we improve the security and usability of online voter registration? How do we improve election night reporting systems?"
Guido agrees that some big leaps need to be made before allowing untrusted consumer systems to be used for remote marking of ballots.
"There needs to be funding available for fundamental research," he said. "The Election Assistance Commission with its two newly appointed security staff is not currently equipped to provide the step-change required." Guido speculates that, considering the important nation-building work undertaken by the Department of Defense and Department of State in the aftermath of foreign conflicts, some of these larger bodies may have the right incentives and resources to contribute.
"Election security is a hard problem, that's why I'm attracted to it," Guido said. "But it's not an intractable problem. It feels to me like there are too many entrenched interests that want to prevent new entrants in voting technology. We need to bowl over that opposition if we're to get this right. As a security community, we need to come at this problem as engineers and do more than just point out flaws. We need fundamental research to be funded and made available as a public resource."
Brett Winterford is an editor with Risky Business. This post was reported by and originally appeared on Risky.Biz, and was produced with support from the William and Flora Hewlett Foundation.
How to Make Sure that Antivirus is on your Endpoints – Security Boulevard
It's now more critical than ever for small- to medium-sized businesses to have strong antivirus (AV) software on all of their endpoints. According to Symantec's 2019 Internet Security Threat Report, only 14% of small businesses say they have a highly effective ability to mitigate cyber attacks, even though 43% of all those attacks target small businesses.
It was an easier problem to solve in the past, when IT admins were responsible for Microsoft Windows systems in a predominantly Windows environment that was largely on-prem. The basic rule of thumb then was:
But much has changed. The cloud has moved apps, infrastructure, and files off-prem. Mac and Linux machines now populate the workplace, meaning it's no longer one-antivirus-fits-all. SCCM isn't the comprehensive solution that it used to be either.
And with current predictions saying that cybercrime will cost the world $6 trillion annually by 2021, businesses now can't afford not to have strict policies that mandate antivirus on all endpoints.
Endpoints will always need to be secured, regardless of whether or not their data is stored in the cloud. A compromised endpoint can easily lead to compromised applications and infrastructure, even cloud infrastructure full of critical data. And while Mac and Linux may be targeted less frequently by malware, they're not immune.
The fact is that end users still download and save information on their own systems, and the device itself grants them access to everything else: proprietary data, resources, and other secured information. AV protects against the possibility of the endpoint being taken over by a nefarious outsider, as well as malware,
IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022 – TechRepublic
The Information Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.
Armed with a "state of the industry" survey, most companies try to identify gaps to play catch up. In cybersecurity, that is too late. Companies need to stay a step ahead of malicious actors.
Some companies, like Shell Oil, are known for creating a variety of possible scenarios for the future and preparing for all of them. But with security, that is a nearly infinite task. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.
That's not as far-fetched as it seems.
The Information Security Forum's (ISF) Threat Horizon Report, released annually, has actually predicted these risks:
Threat Horizon 2019 (published in 2017) suggested that the blockchain would be under attack, subverted to commit fraud and money laundering
Threat Horizon 2020 warned that the new biometric and facial recognition systems were more error-prone, and easier to trick, than anyone realized
The 2021 Threat Horizon pointed out malicious drones as a risk for target attacks
All three of these events came to pass. Most core blockchain code is open-source, and criminal contributors to the blockchain did add back-door theft code into dependencies many blockchain systems were relying on. Facial recognition systems have been underwhelming, while airports have been shut down by drone interference.
The 2022 report, which will be released on Thursday, breaks down the next threat into three categories.
Invasive technology disrupts the everyday. The Internet of Things (IoT) brought an incredible number of internet-connected devices inside the home, the enterprise, and public spaces, many of them with microphones and video cameras. While we have already seen "Hey Siri" on television trigger the devices at home, the ISF sees attacks on these devices impacting the physical world directly, with serious impacts on privacy, security, and personal safety.
Neglected infrastructure cripples operations. "Where" the software is running is becoming increasingly cloudy and exposed to the internet. These systems are also more complex and interleaved, with growing dependencies. That means a single failure from any source (man-made, natural, accidental, or malicious) could lead to a service outage. Meanwhile, customers increasingly expect a 24/7 enterprise. Opportunistic actors can take advantage of this increased attack surface to steal data or cripple operations.
A crisis of trust undermines digital business. The ISF sees the first two issues creating large and public failures. Think about banks or insurance companies that "lose" or "leak" money or customer information. That can lead to a lack of trust in the new, evolving cloud compute infrastructure, in brand reputation, or even in the reputation of the executives running the company. Even a company that succeeds in maintaining its integrity, that trusts the right infrastructure and hires the right employees could suffer as the crisis of trust impairs its ability to do digital business.
ISF goes into much more detail about particular types of malicious actors, from robo-helpers (which they define as network-connected autonomous agents) crawling for data to "deep fakes," genuine digital content manipulated by artificial intelligence to seem believable, the worst possible kind of "fake news."
Steve Durbin, managing director of the ISF, explained how to leverage work this way: "The value lies in discussing upcoming scenarios, planning for those scenarios and, most importantly, engaging cross-organization teams in discussing the response playbook. COVID-19 has shone an additional light on the need for scenario planning for business continuity, and many organizations are already reviewing their risk postures and assessing future responses not just to the pandemic but also to other emerging threats. The Threat Horizon and its associated scenarios have a key role to play in this discussion."
The Rise of the Secure Internet Gateway – Communal News
Ed is working from a plane, Emily just uploaded that strategy deck to Box, and you're not exactly sure where Phil is, but you know he's working based on the number of emails you've received from him. Today, this is how the world works. Before, everything was contained within your network perimeter.
All of your critical infrastructure, servers, applications, data, and people (Ah, remember the days of desktop computers?). Branch offices used to backhaul all traffic to corporate, so you could easily extend the scope of your network perimeter. Naturally, your approach to security was different, because the way people worked was different.
Security used to be more about building a taller wall around your perimeter and checking off boxes for compliance and HR acceptable use policies, instead of defending the business against data breaches and advanced attacks. Most security products were built as closed systems that couldn't integrate together or share intelligence.
The IT landscape has evolved. Critical infrastructure, applications, and data are moving to the cloud, leveraging either public or private cloud infrastructure. Salesforce.com, Box, G Suite, Office 365, and other software-as-a-service (SaaS) apps, whether sanctioned by IT or not, are commonplace in companies of all sizes and industries, even the most highly regulated ones. Not only does this raise questions about how to protect where sensitive data is going and how it's being used, but it also changes how employees get their work done.
Your users, especially when working outside of the office, no longer need to always connect to the corporate network to get work done. They often connect directly to SaaS apps. And, let's face it, employees also don't turn on the VPN if they're using their work laptop for personal use, which means they're left with very little security protection.
Plus, many organizations are now using direct internet connections at branch offices, which means employees and guest users don't get the protection of your traditional security stack. Not only are more offices connecting directly to the internet (it's estimated that 70% of branch offices already have some direct internet access), but attackers recognize these weak points in their targets and have started exploiting them more.
To solve these new challenges, security controls must also shift to the cloud. This paper describes how security must evolve to protect users anywhere they access the internet, why traditional secure web gateway (SWG) solutions cannot address these gaps, and why a new kind of internet gateway represents an entirely new way of thinking about securing your users.
Looking back: Secure Web Gateways were originally built to control, not secure users and data.
SWGs are often used as one way to protect users against threats online. But, is that what they were really built to do? Think back a couple of decades to a time when bandwidth was expensive and there was a concern about employee productivity online. To offset these challenges, web proxy technology was born.
Web gateways were designed to control web traffic as a way to manage bandwidth consumption, and they controlled access to inappropriate sites to help you manage productivity. Sure, it required a lot of maintenance and exceptions to work around some problematic web apps and sites, but it seemed worth it back then.
Later, companies became increasingly concerned about users going to malicious sites and their sensitive data leaking on the web. In response to these liability and breach risks, SWG vendors strengthened content filtering and added data loss prevention capabilities to better analyze all web traffic and better control its movement. Since they are typically built on a proxy architecture, SWGs are able to analyze web content and determine if a site presents a security risk.
Aspects of cybersecurity not to overlook when working from home – Big Think
Due to the novel coronavirus situation, billions of people are currently working remotely, many for the first time in their lives. It could be out of personal fears of infection, in obedience of local social distancing regulations, or in accordance with company-wide policies, but the end result is an unexpected shift from the norm of working in the office to working from home (WFH).
Managing a workforce that has been suddenly transformed into a remote one is challenging on many levels, not least because of the need to maintain cybersecurity standards. Prior to the COVID-19 outbreak, many enterprises had yet to contemplate a mass work-from-home scenario, and they therefore lack the policies, devices, or processes to support it securely.
What's more, in recent weeks, companies have been scrambling to preserve their security profiles in the face of an uptick in malicious actors seizing the opportunity to hack corporate systems. That's the bad news. The good news is that you're not powerless. There are practical steps you can take to safeguard confidentiality and cybersecurity with a WFH workforce.
Here are a few of the basics.
A VPN (Virtual Private Network) is the first and most obvious way to secure your organization when employees are logging in from home. When people work from home, they use the public internet or weakly secured WiFi connections to access confidential data in your central database. They also share sensitive files, offering a golden opportunity for hackers to intercept data mid-stream.
A VPN uses strong encryption to create a "tunnel" for any interactions between your employees, and between your employees and your secure corporate network.
Atlas VPN, one of the biggest VPN providers, reports that VPN use has surged in areas with high numbers of coronavirus cases, such as Italy and Spain.
Ignorance can be your biggest danger. If you're used to dealing with a secure internal network, you won't always know where your vulnerabilities and weaknesses lie when it comes to remote access.
This kind of blindness can lead quickly to data breaches that you might not even be aware of until months after the event.
To resolve this issue, use tools like Cymulate's breach and attack simulation platform, which runs simulated attacks across remote connections to assess your cybersecurity risk levels. This can help you determine the extent to which your settings, defenses, policies, and processes are effective, and where you need to make changes in order to maintain a secure organization.
Employees are vital to your success, but they can also cause your downfall. According to security experts at Kaspersky, 52 percent of businesses acknowledge that human error is their biggest security weakness. What's more, some 46 percent of cybersecurity incidents in 2019 were at least partially caused by careless employees.
Employees can cause data breaches in multiple ways, like failing to use a secure connection to download confidential data, forgetting to lock their screens when working in a public place, or falling for phishing emails that install malware on their devices. In addition, your employees might be the first to know about a security breach but choose to hide it out of fear of repercussions, making a bad situation worse.
It's vital to invest time and energy in employee training to ensure that everybody knows how to reduce the risk of successful hacking attacks and is not afraid to report security incidents as soon as they occur. Frequent reminders, online refresher courses, and pop-up prompts help employees take security seriously.
Access controls are a vital layer of security around your network. Losing track of who can access which platforms, data and tools means losing control of your security, and that can be disastrous.
Even in "normal" times, 70 percent of enterprises overlook issues surrounding privileged user accounts, which form unseen entrances to your organization. As the WFH situation drags on, it's even more likely that access controls will lag, opening up holes in your perimeter.
In response, use role-based access control (RBAC) to allow access to specific users based on their responsibilities and authority levels in the organization. By monitoring and strategically restricting access controls, you can further reduce the risk that human error might undermine your careful cybersecurity arrangements.
Because most companies were not yet set up for remote work when the COVID-19 crisis hit, the lion's share of devices used to connect from new home offices are not owned or configured by employers.
And with employees more likely to use their own computers when working from home, endpoint attacks become even more serious. SentinelOne, an endpoint security platform, reported a 433 percent rise in endpoint attacks from late February to mid-March.
Although it can seem difficult to secure endpoints when employees are working remotely, it is possible. SentryBay's endpoint application encryption solution takes a different approach, securing apps in their own "wrappers," as opposed to working on a device security level.
Finally, weak passwords are a known gift for hackers. The problem only grows when employees work from home, as the contextual shift makes it easier for them to ignore reminders from your security team. They are also more likely to share or save credentials for faster remote access when it takes time to get a response from a newly remote security team.
If you don't already use a password manager to force employees to generate strong passwords and avoid sharing or saving credentials, now is the time to begin. CyberArk Enterprise Password Vault requires users to update passwords regularly, enforces multi-factor authentication (MFA) to reduce the chances of hackers entering your network through stolen passwords, and provides auditing and control features so you can track when someone uses or misuses an account.
Consumer password managers like LastPass and 1Password likewise offer business tiers with similar features.
With enterprises unprepared for mass remote working, industries worldwide could face a security nightmare. However, applying best security practices and using advanced tools to test for vulnerabilities, supervise access controls and password management, secure connections, and apply endpoint encryption can go a long way.
Making sure your employees know your security policies will help harden your attack surface, improve your cybersecurity posture, and prevent COVID-19 from causing a cybersecurity plague.
The University and its students must be more considerate of essential USC staff – Daily Trojan Online
In efforts to continue the work of protests for fairer treatment for USC staff, students must maintain their appreciation and support for essential staff. (Daily Trojan file photo)
Campus turned into a ghost town within a matter of weeks, but USC employees have remained active since student activities ground to a halt. While the University has taken great precautions to keep faculty and staff at home amid increasing coronavirus concerns, it takes a village to run USC's 226-acre University Park Campus, and each job carries its own set of challenges.
From Trader Joe's staff to USC Housing employees to IT security workers, many employees who work at the University are making sacrifices to keep the University body housed, fed and connected to services like healthcare and internet access.
Many Trader Joe's employees fear they will contract the virus despite social distancing measures implemented by the chain. The store currently restricts hours during restocking periods and only serves senior customers and customers with disabilities who may need special assistance during the first hour of operation, but cashiers greet a steady stream of shoppers throughout their shift, likely coming into contact with carriers of the virus.
Some USC Housing staff carry spray bottles with disinfectant for the same reason, and residence halls now require students still living on campus to use face recognition technology upon entering instead of scanning their fingerprint. Despite these precautions, many essential workers who cannot work from home fear that increased sanitation may not be enough to keep the virus at bay.
Medical professionals like those at Keck Medicine of USC work around the clock to provide healthcare to the Los Angeles community, and IT workers work long hours to prevent Zoom-bombings and maintain internet security, according to employees. With little idea as to how long these circumstances will last, the University and administrators serve important roles in adapting institution operations to online formats seamlessly and communicating policy changes effectively.
As of April 8, all non-essential USC staff unable to complete work from home became entitled to paid administrative leave through May 13, but that period will end, leaving spring semester employees uncertain about their summer employment. This policy is, however, an improvement upon the actions of L.A. County, which issued eligible employees two weeks of paid administrative leave and up to 12 weeks of reduced emergency paid sick leave under the Emergency Paid Sick Leave Act. Both frameworks excel in comparison to Trader Joe's token employee bonuses and extended sick time reviewed on a case-by-case basis through April 15.
Non-essential workers who cannot perform their roles online will soon find themselves in a dire predicament: stay home and keep their families safe and face financial hardship or use sick time off in hopes that they will be able to return to recover their losses.
Meanwhile, non-essential student workers unable to work from home are able to log their hours and receive normal pay beyond the two-week pay period. This is helpful for students who receive financial aid through work-study, but it makes little sense that the barista at a shuttered coffee kiosk should struggle to receive income while students who normally do their homework behind department reception desks still get full pay.
In an ideal world, both groups of employees would receive compensation during this period of upheaval. If that outcome is not possible, USC may need to reconsider who is receiving compensation and move forward with more utilitarian measures. Additionally, students must take time to acknowledge essential workers on campus and overtaxed employees off campus. They ought to remain informed by reading their emails regularly, and they should stay positive by taking care of themselves as well as thanking those around them.
The community has entered a period that requires patience, both on behalf of professionals and their clients. Campus is not dead, and its staff continue to face new challenges that should not go unnoticed.