Cloud Hosting

It has been almost two years since the Covid-19 pandemic began, with the first lockdown in March 2020 forcing businesses to adopt a remote working approach. Now that South Africa is opening up, a hybrid model is quickly becoming the norm, with employees splitting their time between the office and their home.

As a result, the IT departments role has become more complicated than ever, owing to the rapid increase in remotely connected devices. Cyberattacks have, in turn, become more common.

The most high-profile cyberattack happened in July, when Transnet, the state-owned railway company, was forced to shut down for a week. This attack, however, was only one of many, as global statistics show that a cyberattack takes place every 11 seconds.

This article looks at five factors that businesses can implement to secure their workforce:

When establishing policies and standards, companies must consider their cloud platforms, software development lifecycles, DevOps procedures and technologies, and compliance with regional regulations. Basic security hygiene alone is not sufficient at enterprise level to protect against advanced cyberattacks.

When putting together policies, businesses should keep in mind the following:

It is importantto educate all employees on the evolving threatlandscape. Businesses should educateall stakeholders about the many types of dangers from phishing to ransomware to social engineering. Are your staff aware of these threats, the damaging results of such an attack, andtrained to know what to do andwhom to call in the event of an attack?

Businesses should provide basic security tools to their employees, such as password managers, multi-factor authentication, data backup, and behaviour threat analytics. Threat analytics, especially, can help warn users and administrators when an account is accessed from an unknown IP during odd hours.

Perhaps consider incentivising employees with a rewards programme. For instance, internal cybersecurity and bug bounty initiatives at Zoho have aided immensely in educating and rewarding responsible staff.

Identity and key protection should be a primary priority for every cybersecurity team.Its critical to securelyauthenticate and authorise individuals, services, devices, and apps toensure that only valid accounts/devices are able toaccess the companys data. For example, many businesses now use SSH keys and SSL certificates in the background to perform safe cryptographicoperations.

When it comes to identity management, the beginning point is to implement tactics such as strong passwords, passwordless authentication, multi-factor authentication, role-based access, identity-based perimeters, and zero-trust access control strategies.

Once an identity has been granted access, a user can gain access to numerous endpoints and applications owned by the company using the identity. In a hybrid environment, enterprise data is communicated over smartphones, IoT devices, BYOD, cloud servers, and more,and many companies still rely on traditional firewalls and VPNs to restrict access.

Rather than relying on these legacy models, companies should adopt a least-privilege access strategy for users, applications, systems, and connected devices. Its important to provide only a minimum level of access based on job roles and responsibilities. This technique has the following important benefits:

Unpatched systems and apps are some of the easiest targets for hackers. Whenever a new security patch is issued, attackers will attempt to exploit the flaw before the patch is applied in order to obtain access to corporate data.Thus, enterprises should take advantage of patch management and vulnerability management tools thatoffer immediate implementation. Other benefits include improved efficiency and simplified compliance, helping avoid unwarranted fines.

Businesses in South Africa are currently more interconnected than they have ever been. While this is a development that will help many industries thrive, it also implies that businesses must prioritise cybersecurityto ensure successful benefits realisation. The truth is that its a matter of when, not if, your company will be targeted, and being preparedwith a robust cybersecurity and resilience strategyis the greatestdefence.

See the original post here:
5 cybersecurity best practices for businesses to support their workforces - Review - Review