It seems as though risk is everywhere these days. And we’re increasingly accustomed to identifying, assessing, calculating, mitigating, managing, and living with it. Which makes sense, because we exist in a world where going to the grocery store merits a cost-benefit analysis, and we’re still wrapping our heads around the fact that we need to cross to the other side of the street when we see a Corona puppy heading our way.
Our idea of personal risk continues to shift as 2020 slogs on, but risk has always been an important consideration in the world of technology and cybersecurity. We’re just thinking about it — and talking about it — a lot more in our COVID world.
Are your employees still using shared home networks to fire up Zoom? Have they been installing those critical security updates and patches as instructed? Are key staff members accessing sensitive files from the homework-strewn dining room tables? When’s the last time you held a private conversation on your personal cell phone in front of a public audience of housemates and significant others?
If any of those scenarios sounds remotely familiar, it’s time to take a technology timeout.
For many Americans, how we work, where we work, and who we work with has changed. The workforce is increasingly — and for some, permanently — distributed. For many companies, short-term technology fixes have become long-term solutions. Which isn’t necessarily good news for their cybersecurity operations.
Cybersecurity operations are facing huge challenges
The World Economic Forum (WEF) notes that the pandemic has forced business leaders to adapt operating models faster than ever before. This shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.
Our heightened reliance on personal devices and home networks has made it easier for cyberattacks to occur in the first place. Plus, hackers are becoming more aggressive, and social engineering tactics are becoming even more sly and effective.
To complicate the issue even more, the World Economic Forum also notes that Security Operations Centers (SOCs) designed to look for anomalous behaviors are less and less effective because everything looks anomalous during this particular moment in history!
Is your IT up to the challenge?
Investing in IT means investing in cybersecurity
Just as the how, where, when, and who of work has changed, so has the way we look at risk. With the rollout and adoption of new technologies, we anticipate that more and more IT leaders with a keen eye towards compliance with data privacy laws will also invest in risk management and improve cybersecurity.
To effectively minimize vulnerabilities, cyberattacks, and data breaches, technology teams need to be proactive in developing, designing, and implementing risk mitigation plans. Secure, powerful, safe, and user-friendly attributes are paramount for effective and sustainable technology.
Consumers — and governments — are catching up to the idea that privacy matters. We’re seeing a more widespread discussion of data mining and how it can be used in unexpected and harmful ways. Sure, we all know that companies put data mining to work when they’re targeting us with goods and services. And we’ve largely accepted the practice as a part of being a denizen of the 21st century. But when massive data harvesting triggers national security concerns, it’s something else altogether.
So what are companies doing right now to ensure the safety of new technologies and applications? We hope they’re finding a well-considered balance between convenience and security!
Cybersecurity is critical to success
Statistics vary, but one recent study indicated that in the small and medium business (SMB) space, 60% of businesses that suffer a data breach go out of business as a result.
SMBs must take data breaches and security threats seriously. When it comes to cybersecurity, it simply makes good sense for companies to be proactive rather than reactive.
“Far too often SMB resources are spent on the direct need with tangible value and far too little is allocated for data integrity considerations. If a company is under $2B in revenue and has a distributed workforce, a good place to start is a simple risk assessment. Once you get a report on your overall exposure related to data integrity, privacy, and the regulatory agencies that have oversight to your operations, you can begin to make common sense investment decisions,” says Steve Shoemake, Vaco managing partner and national technology practice leader.
Risk assessments, focus groups, clear end-user-agreements, and transparency about what data is gathered and how it will be used are all good design practices to keep in mind when rolling out new applications and adopting new technology.
Companies are still hiring cybersecurity experts
“While hiring in technology has slowed or stalled at some companies, one branch of hiring that remains robust is cyber and information security risk. Indeed, rather than a slowdown, we’ve seen an increase in our local requests for help in this specific competency,” notes Shoemake.
Even if you think you’re on top of the latest threat, it never hurts to remain vigilant. Consider how sensitive information is being stored and accessed remotely. Are you providing your employees with the tools — like a strong virtual private network — and training they need to operate safely in a virtual environment?
In his recent article — “Houston IT leaders tackle 2020 – How do you compare?” — Vaco managing director Casey Hall encourages IT leaders to ask themselves a series of questions to determine whether or not they need to take a closer look at their cybersecurity and IT security practices.
- Is your current process for providing new hires and recent terminations with technology efficient and controlled for broad, ongoing use?
- Will your processes for tracking IT assets need to change if your employees remain virtual?
- Does network performance and security need to be managed differently to support a dispersed user base?
- Are your users routinely accessing tools for online meetings with people outside your organization?
- Does WFH present a unique risk that needs to be mitigated?
- Do your patching processes need to be planned and managed differently to ensure timeliness and efficiency?
- Do your data management and data security strategies need to be enhanced to accommodate virtual workers?
To face these challenges, technology officers, cybersecurity leaders, and chief information security officers need to take a stronger and more strategic leadership role. It’s time to move beyond compliance and into the world or risk.
Need some help making the jump? Our technology consulting team & cybersecurity services offer the solutions you need to find the right balance between costs, convenience, and security during these challenging times.
Have your thinking cap on and see what experts have to say about the top technology trends that have emerged out of COVID-19? You’re in luck! Download our Ultimate Guide to Tech Industry Trends!