Many businesses that have allowed employees to continue working from home for the foreseeable future are aware that they need to update their cybersecurity. It’s likely that they have allocated some budget and IT resources to make those necessary changes. However, IT budgets are finite. Given the economic disruption of the pandemic, enterprises must strategically decide where to invest their cybersecurity budget most effectively. 

There are many different approaches to cybersecurity, and the way your business previously protected data may no longer work in a remote-work paradigm. Here’s how to understand how working from home impacts your data security – as well as some steps to take to make sure you are prioritizing the right things.

 Types of cybersecurity

Cybersecurity can be broken out into categories based on what you wish to protect. Cybersecurity practices are commonly classified into one of these five areas: 

• Network or perimeter security: protection for your network traffic by controlling incoming and outgoing connections. This prevents hackers and malware from entering and spreading throughout a network. 

• Data security or data loss prevention (DLP): protection for your data by enforcing strict protocols and safety measures on the location, classification and monitoring of data (both stored data and data as it is used). 

• Cloud security: protection for data used in cloud-based services and applications. 

• Device security: protection for on-premises devices such as computers and servers. 

• Application security: protection for your apps from attacks with testing, app shielding strategies, and more. 

There are many subcategories within these broad cybersecurity distinctions, but IT professionals tend to focus on these areas. 

All these types of cybersecurity are important. When offices are working business as usual, most IT professionals tend to prioritize network security first; devices, applications, and data sharing are all linked through the same network, so protecting the perimeter makes sense. 

As more people work remotely, however, investing in network security makes less sense. Data protection and cloud security are more important as our online needs are rapidly changing. With limited investment available, how should you prioritize your cybersecurity? 

New approaches to cybersecurity

As one expert reported in Forbes, “To protect customers, employees, and reputations while ensuring compliance with evolving regulations, companies should shift their security strategies from an outdated reliance primarily on ‘perimeter protection’ to a companywide approach based on ‘secure data access.’”

As our online behavior changes, the threats evolve too. Cloud services, for instance, are becoming a new target for hackers. McAfee found that remote attacks on cloud services and collaboration tools, like Slack, increased 630% during the first four months of 2020. Employees are using their own devices and their own networks, so shifting your cybersecurity to focus on cloud security is a good first step to protecting data outside the office firewall. 

Data loss prevention, DLP, is another key area for IT professionals. Your enterprise must prioritize building a strategy that prevents unauthorized access to and use of data. There are three key areas here to consider:

• Data discovery: measures to identify PII and other sensitive data as it is collected and used across your organization.

• Data transformation: measures to secure data by masking or anonymizing PII so only those in the company who need access to data have it. 

• Data access: granular controls that ensure the right people can access specific data or data formats – role-based and attribute-based measures.

In the immediate term, IT professionals need to ramp up cloud security and data security to accommodate remote employees. Here’s how to do it. 

Steps to improve your data security

One of the easiest ways to improve your data security is by educating your employees. This effort takes time, but very little financial investment. 

Teach your team ways they can improve their at-home security practices. Nightfall found that lax email policies contribute to a huge amount of data theft. Poor password hygiene for email accounts – like using “password1234” or another easily guessable code – is a big mistake that many people are (still) making. Companies are also not utilizing multi-factor authentication when signing into accounts. Lack of employee training and clear WFH security policies are further contributing factors to the increase in data theft via email.

Next, address changes to your network security by providing tools for employees to safeguard their personal devices. One study by Security Magazine discovered that 56% of employees are using their personal computers to work remotely in response to COVID-19. Moreover, nearly 25% of employees working from home don’t know what security protocols are in place on their device. IT teams should perform one-on-one audits with each remote worker to assess what security measures are in place and provide the tools and feedback needed to improve the cybersecurity of at-home networks and devices. 

Lastly, add an automated DLP solution like Nightfall to dramatically improve your data security.

About Nightfall

Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. You can schedule a demo with us below to see the Nightfall platform in action.

“This article is originally posted on Nightfall.ai”

The SafetyDetectives vulnerability tool is the only free online scanner that quickly checks your PC and devices for known vulnerabilities (CVE Database). Once the scan is complete, it will explain how to fix any issues that may have been detected.

1. What does this vulnerability scanner do?

This online tool works with the Common Vulnerabilities and Exposures (CVE) database to make sure your software is updated with the latest security patches.

The CVE database contains the world’s largest database of cybersecurity vulnerabilities. When IT professionals find and fix a vulnerability issue within a program, they report it to the CVE database so that all users can keep their software up-to-date.

The SafetyDetectives vulnerability tool scans your operating system’s settings and browser against the information in the CVE database, and it recommends security patches based on those vulnerabilities.

2. How do I know if my computer is infected with a virus?

Classic symptoms of a virus are:

• Computer freezes
• Slow performance
• Popup error messages
• Application crashes

Many cybercriminals create viruses which run silently in the background — stealing credit card numbers, bank account passwords, and other private data without you even knowing. It’s possible that you might not even experience any of these “classic virus symptoms”.

While online tools like this one can help identify software security flaws, they are unable to detect and remove viruses from a computer system. For that, you’ll need an antivirus program.

3. How do I get rid of malware?

If you know your computer has malware on it, you’ll need to download an antivirus scanner — like Norton or McAfee. These programs will detect and remove all of the malware from a system, and they’ll guarantee that you stay protected against all future threats.

4. What's the best way to stay protected from malware?

The first thing you should do is learn the basics of how to keep your computer secure (Mac users go here; Windows 10 users go here).

This means that you need to have an antivirus installed, you need to stay away from dangerous websites, and you need to stay up-to-date with the latest security patches for both your OS and your system’s applications.

5. Do I need to pay for an antivirus?

When it comes to antivirus software, you get what you pay for! No business model supports “free” products — you’re always going to “pay” somehow.

Most internet security companies which have free antivirus software only provide very basic protection to their free users. They’ll eventually ask for you to pay for an upgrade before they’ll provide you with complete antivirus coverage. Some companies — like Avast/AVG — might even steal your browsing data and sell it to advertisers as compensation for providing a free product.

That said, there are some decent antivirus programs available for free. But free antiviruses should only be used to secure systems that don’t have a lot of sensitive information — passwords, banking info, photos/videos, etc. It’s always best to not deal with the limitations of a free antivirus and instead download a low-cost premium antivirus like Norton 360.

Source: https://www.safetydetectives.com/vulnerability-tool/