It has been almost two years since the pandemic began, with the first lockdown in March 2020 forcing businesses to adopt a remote working approach.
Now that Kenya is opening up, a hybrid model is quickly becoming the norm, with employees splitting their time between the office and their homes.
As a result, the IT department’s role has become more complicated than ever, owing to the rapid increase in remotely connected devices.
Cyberattacks have, in turn, become more common, with global statistics showing that a cyberattack takes place every 11 seconds. This is where cybersecurity enters the picture. It refers to the process of safeguarding data, devices, and networks against unauthorized access and other related criminal activities and ensuring the confidentiality and integrity of relevant information.
With October being Cyber Security Awareness Month, organizations should use this opportunity to re-evaluate the safeguards they’ve implemented and also add new measures if their workforce is largely distributed.
This article looks at five factors that businesses can implement to secure their workforce:
Clearly define security policies and procedures
When establishing policies and standards, companies must consider their cloud platforms, software development lifecycles, DevOps procedures and technologies, and compliance with regional regulations. Basic security hygiene alone is not sufficient at the enterprise level to protect against advanced cyberattacks.
When putting together policies, businesses should keep in mind the following:
- Consider current threats, compare them to industry standards, and devise a comprehensive security strategy.
- Publish transparent security policies and standards internally to assist internal stakeholders in making critical security decisions.
- Set goals, processes, and accountability to achieve the overall company’s security policies and standards.
Train, equip, and reward
It is important to educate all employees on the evolving threat landscape. Businesses should educate all stakeholders about the many types of dangers – from phishing to ransomware to social engineering.
Are your staff aware of these threats, and the damaging results of such an attack, and trained to know what to do and whom to call in the event of an attack? If they aren’t, then you should conduct cybersecurity awareness training. It helps your employees to get a broader view of cybersecurity and get down to the elements, to wit:
- Information Security: It aims to safeguard the private data which is stored, shared, and processed in the system.
- Network Security: It aims to protect the computer network from misuse and, in extreme cases, unauthorized access.
- Application Security: It focuses on protecting the application and software from cyberattacks and other risks.
- Disaster Recovery: It focuses on the process of recovering any corrupted or lost data and restoring business operations to ensure continuity.
Importantly, awareness training will acquaint employees with the best cybersecurity practices to mitigate risks. Businesses should provide basic security tools to their employees, such as password managers, multi-factor authentication, data backup, and behavior threat analytics.
Data backup is especially one of the cybersecurity components that businesses should take seriously. Data backup solutions will boost file protection. This is where partnering with a reputable software company comes into play. They can offer businesses real time server backup and comprehensive file-protection solutions.
Knowing the relevant system threats is also critical. Threat analytics, especially, can help warn users and administrators when an account is accessed from an unknown IP during odd hours. Also, consider incentivizing employees with a rewards program. For instance, internal cybersecurity and bug bounty initiatives at Zoho have aided immensely in educating and rewarding responsible staff.
Protect identities and access keys
Identity and key protection should be a primary priority for every cybersecurity team. It’s critical to securely authenticate and authorize individuals, services, devices, and apps to ensure that only valid accounts/devices are able to access the company’s data.
For example, many businesses now use SSH keys and SSL certificates in the background to perform safe cryptographic operations.
When it comes to identity management, the beginning point is to implement tactics such as strong passwords, passwordless authentication, multi-factor authentication, role-based access, identity-based perimeters, and zero-trust access control strategies.
Secure the endpoints
Once an identity has been granted access, a user can gain access to numerous endpoints and applications owned by the company using the identity. In a hybrid environment, enterprise data is communicated over smartphones, IoT devices, BYOD, cloud servers, and more, and many companies still rely on traditional firewalls and VPNs to restrict access.
Rather than relying on these legacy models, companies should adopt a least-privilege access strategy for users, applications, systems, and connected devices.
It’s important to provide only a minimum level of access based on job roles and responsibilities. This technique has the following important benefits:
- Cyberattack surface is reduced
- Better control of malware spread
- Increased efficiency in compliance and audits
Keep applications up to date
Unpatched systems and apps are some of the easiest targets for hackers. Whenever a new security patch is issued, attackers will attempt to exploit the flaw before the patch is applied in order to obtain access to corporate data.
Thus, enterprises should take advantage of patch management and vulnerability management tools that offer immediate implementation. Other benefits include improved efficiency and simplified compliance, helping avoid unwarranted fines.
Businesses in Kenya are currently more interconnected than they have ever been. While this is a development that will help many industries thrive, it also implies that businesses must prioritize cybersecurity to ensure successful benefits realisation.
The truth is that it’s a matter of ‘when,’ not ‘if,’ your company will be targeted, and being prepared with a robust cybersecurity and resilience strategy is the greatest defense.