The impact of the pandemic on cyber security
By Ralph Berndt, sales and marketing director of Syrex
Even prior to the pandemic, organisations had begun putting in place elements to manage distributed employees whether that be through corporate remote desktop or virtual private networking (VPN) capabilities. However, this was not done at the scale and at a rate required to manage the disruption caused by COVID-19.
Suddenly, companies had to deal with the influx of connectivity challenges that they needed to overcome for their employees to remain productive. Furthermore, support teams now had to manage providing access to critical systems, which were mainly hosted on-premises within the relative safety of their own corporate network. In many cases this resulted in companies having to implement more VPN licences to manage these additional external connections through their own firewalls.
The security elephant
But this gave rise to a significant security concern. A VPN does not provide any cyber security. It is merely a tunnel to the firewall so that users can authenticate themselves. However, during the lockdown, many employees were reliant on their personal devices to be able to work. Businesses then had to consider how to secure these personal endpoints that ultimately would be traversing VPNs to access their corporate networks. This created more complexity and additional security challenges.
Without proper endpoint protection in place (beyond simply relying on an anti-virus solution), the organisation remained at significant risk. This is where a hardened endpoint protection solution that provides a small firewall on every employee’s device, in line with that company’s security policy, becomes critical. Such devices notify the IT team if there has been an infection while trying to stop it from spreading across the network regardless of the user’s geographic location.
Invariably, all these challenges have given cause for businesses to consider additional security hardening, such as moving towards zero trust. This comes down to not trusting any device or user by default. While this is significantly more secure for any organisations, it is critical to ensure that all third-party software such as enterprise resource planning and customer relationship management is technically operable with these tools.
It has been a fine balancing act between zero trust and reducing the complexity faced by end-users who may not be in the office. How teams could collaborate while working remotely also became a factor to consider. The emergence of Microsoft Teams to address this has been one of the defining technology moments of the past two years.
The ability to share data and communicate more seamlessly with people in the organisation from a centralised environment has driven the adoption of Microsoft Teams significantly.
Microsoft has been influential in driving the agenda around security in this digitally driven world. Businesses should focus on multi-factor authentication (MFA). This has become fundamental for all user authentication and the building block for proper digital security.
MFA enables businesses to identify users by adding an additional layer of security that requires the user to verify themselves beyond their traditional username and password. This is done with either a one-time pin sent to their mobile phone or through the Microsoft Authenticator application. This ensures that the individual behind the screen has the authority to access that specific data.
Through this authentication, the company has an additional guarantee that the user has been identified correctly and can thereby be managed more effectively. So, if a device and or their username and password have been compromised, the additional MFA will ensure the company’s network is still inaccessible to an unauthorised user.