In the webinar on cybersecurity that we organized a few weeks ago, Alvaro, one of our speakers, an expert in cybersecurity with experience in several departments of multinational companies, talked about the change of scenario that all companies have undergone. The increase in teleworking is shaping the culture of companies and how they perform all kinds of processes. As a result, access control, role definition, and automation of equipment permissions have become a priority; companies are looking for the best user provisioning software, one that provides the highest security standards and allows these organizations to be cyber secure.
The vast majority of companies, especially in the technology sector, have worked in recent years to improve the performance of remote access facilities. Still, the installed capabilities are often insufficient for remote work, increasing the potential security risks. IT departments are under pressure to upgrade capabilities quickly, resulting in existing systems being changed or replaced with little time for thorough security testing. Vulnerabilities in remote access systems and infrastructure and access protocols can go undetected and be exploited in cyberattacks.
These systems present many weaknesses; insecure endpoints and weak authentication of remote access are two main elements that increase the risk of these attacks succeeding.
One problem that has grown with the advancement of teleworking is that password-based authentication without sufficient or compliant standards is considered weak in the context of remote access. The enforcement of solid password requirements remains a critical issue to be addressed. Functions involving essential systems and data that cannot usually be performed off-site, e.g., treasury operations, may have to be performed remotely during a pandemic, and existing controls may not be sufficient to protect those critical systems and data. Technical and policy measures focused on information security are essential to mitigate the cybersecurity risks of remote access. Although not specific to remote access, stringent information security policies (including data access control and comprehensive logging and monitoring policies) underpin remote access security. Many companies have failed to address this issue quickly, and weaknesses in enforcing such policies have led to attack scenarios during the pandemic.
1. Robust configuration controls should be implemented at both ends of the remote connection to prevent possible malicious use. For example, employees should not have administrator rights on company-owned laptops.
2. Automation of permissions is key to the success and security of your company, so that an administrator can control which employee, and in which role, can access which data. Secure onboarding and offboarding processes will prevent future security breaches. Establish hardened security configurations and updated security solutions, and align security settings with best practices.
3. Have an all-in-one tool that allows you to organize your company into teams and roles globally and allocate the SaaS resources needed by each team. In short, manage the provisioning of users and the necessary permissions automatically. It will save time and effort for the HR team and provide optimal security.
4. It is no less important to make employees aware of the importance of security and of good and bad practices, so companies should reinforce the message that remote work increases cybersecurity risk, which must be addressed with solid controls. At this point, having a password manager or a tool to help save and share institutional passwords will also be very important.
Some simple steps will prevent greater problems in the long run and mitigate the risk that equipment compromises the company's data and applications. They also allow the business to achieve all its objectives, thus drastically reducing the risk of business interruption. These steps are:
1. Use a VPN to connect to corporate servers.
2. Adopt two-factor authentication.
3. Use company-installed applications.
4. Update all software and applications.
5. Have roles established so that the administrator can automate access at all times.
6. Configure your Wi-Fi with a secure password and the WPA2 protocol, and make a copy of the data.
The change of scenery that we have experienced in recent times has meant that companies have had to adapt to the new circumstances. Companies that have achieved the formula for success have worked quickly and efficiently to achieve security and automation of permissions.
At MyLenio, we provide our clients with the security standards to ensure that your company is cyber secure, in addition to globally organizing your company in teams and roles.