How To Adapt Your Security Policy In A Hybrid Workspace
The pandemic has forced companies to set up remote access. Priority was mainly given to efficiency, to the detriment of data and flow security.
Various studies estimate that around 20% of French employees telework two to three days a week. Despite the will of the State, this share is not expected to change, for various psychological, technical and organizational reasons.
Nevertheless, the idea of hybrid work is gaining ground. This is not good news for stressed and overworked security teams who are already struggling to respond to internally generated security events. The pandemic has only exacerbated the stress.
According to a recent report by ESG and ISSA, COVID-19 has not only forced cybersecurity professionals to shift their priorities/activities, but it has also increased their workload. They must now monitor a larger and more heterogeneous attack surface.
A recent report from VMware Carbon Black found that the shift to working from home led to a 148% increase in ransomware attacks and highlighted key areas for security teams to address.
Personally identifiable information (PII) is the main target of cybercriminals. According to the latest Cost of a Data Breach Report 2020 from the Ponemon Institute, 80% of data breaches involve this type of information. This poses two major problems. The first is that of data security, because remote work effectively widens the attack surface; the second is that the privacy of customer data is also compromised.
More than ever, enterprises need to establish a solid foundation for identity governance using the following recommendations:
- Increase efficiency by instituting automated request and approval processes for system access
- Catalog who has access to which systems and applications
- Associate identities with roles
- Ensure that access rights change as the functions of a role evolve
- Enforce segregation of duties so that multiple roles associated with one identity do not lead to unintended access to sensitive systems
- Perform regular access and compliance data audits
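The cataloguing, role-mapping, segregation-of-duties and audit recommendations above can be combined into one recurring access review. The following Python sketch is an added example, not taken from the article; every role, system, user and rule in it is constructed sample data.

```python
"""Access review: catalogue access, map identities to roles, flag SoD conflicts."""
from collections import defaultdict

# Constructed sample data (hypothetical roles, systems and users).
ROLE_ENTITLEMENTS = {
    "ap_clerk": {("erp", "create_invoice")},
    "ap_approver": {("erp", "approve_payment")},
    "hr_analyst": {("hris", "read_employee_pii")},
}
IDENTITY_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_clerk", "ap_approver"},
    "carol": {"hr_analyst"},
}
# Access actually granted, as it would be exported from each system.
ACTUAL_ACCESS = {
    "alice": {("erp", "create_invoice"), ("hris", "read_employee_pii")},
    "bob": {("erp", "create_invoice"), ("erp", "approve_payment")},
    "carol": {("hris", "read_employee_pii")},
    "dave": {("erp", "approve_payment")},  # account with no role assignment
}
# Entitlement pairs that one identity must never hold together.
SOD_RULES = [(("erp", "create_invoice"), ("erp", "approve_payment"))]

def catalog(actual=ACTUAL_ACCESS):
    """Who has access to which system: system -> sorted identities."""
    by_system = defaultdict(set)
    for identity, ents in actual.items():
        for system, _permission in ents:
            by_system[system].add(identity)
    return {system: sorted(ids) for system, ids in by_system.items()}

def expected_access(identity):
    """Entitlements justified by the roles assigned to an identity."""
    roles = IDENTITY_ROLES.get(identity, set())
    return set().union(*(ROLE_ENTITLEMENTS.get(r, set()) for r in roles))

def audit(actual=ACTUAL_ACCESS):
    """Return (identity, finding, detail) tuples, ordered by identity."""
    findings = []
    for identity in sorted(set(actual) | set(IDENTITY_ROLES)):
        granted, expected = actual.get(identity, set()), expected_access(identity)
        if identity not in IDENTITY_ROLES:
            findings.append((identity, "orphan_identity", None))
        for ent in sorted(granted - expected):  # access no role explains
            findings.append((identity, "unjustified_access", ent))
        effective = granted | expected          # roles may combine badly
        for a, b in SOD_RULES:
            if a in effective and b in effective:
                findings.append((identity, "sod_conflict", (a, b)))
    return findings
```

Because `audit()` recomputes expected access from the role definitions on each run, editing a role in `ROLE_ENTITLEMENTS` immediately surfaces grants that the changed role no longer justifies.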
Failure to secure data and keep it confidential can lead not only to breaches, but also to heavy fines for non-compliance. Governance of data and identities is therefore crucial to ensure its sustainability.