It’s still October and still Cybersecurity Awareness Month and, in keeping in line with the month’s theme, we’re going to talk about securing devices at home and at work. This week’s subject is really an extension of what we talked about in last week’s blog – If you connect it, Protect it. Basically, the idea that if you connect something to the internet, and that something can be anything from a laptop or workstation to “smart” lightbulbs or your internet enabled refrigerator, that you need to take the time to protect it from attack and misuse.
If you’re a security practitioner yourself, you’re probably already doing everything at home that I talked about in my last blog and may have a few things you do that I left out. The focus last time was on what you can, and should, be doing at home to protect your own connected devices. This time, we’ll extend it back to the office.
If you work for an Enterprise level organization, chances are there’s already a mature information security team doing everything they can to keep you safe. It’s their job and, most of the time, they’re really good at it. But there are still things we can do as individuals to help do our part.
It Starts With Us
Security starts with us, which means we need to know and embrace the Best Practices all those security training sessions have been trying to teach us for years.
Select good passwords, don’t share them, and don’t reuse them. These days, the recommendation should be a passphrase rather than a password since short passwords can be cracked way too fast for comfort.
While a password like “KM6fg&rq3” is way stronger than the name of your favorite college football team, something like “Th1S iS my n3w W0rK Pa$$w0rd” is stronger still, and probably easier to remember. And use multi-factor authentication when you can.
Remember the Basics
All that advice about not clicking on links, opening attachments, plugging in that thumb drive we found in the parking lot? Yeah. All those lessons we’ve heard a hundred times and will have to hear a hundred times again. Why? Because as users we keep falling for them, and as security educators we have to keep teaching the class.
But let’s get back to devices.
At Work or At Home
The same advice we gave last time on securing your home systems apply at work. Keep your patches up to date on everything from servers down to the smart bulbs. Make sure the defenses are up to date and have been tested. Make sure the users are educated, etc. It’s the same drill in a business environment as it is at home, though the stakes are higher, the systems are larger, and there are a lot more of them. Of course, at work the Information Security team is there to make sure the job gets done and gets done right.
Having the right tools in the work environment is important. You already have firewalls, VPN, enterprise anti-virus and anti-malware, endpoint protection, patch management tools, and a SIEM that tries to show everything that’s happening. But what are you missing?
From our perspective, you also need a behavioral analytics system that can make sense out of all those moving pieces and pick anomalous behavior out of a flood of information. That’s what lets you see the risks in your environment, from people and systems – all those devices we’re trying to secure – and lets you react to risks before they become patient zero in a breach scenario.
Gurucul Can Help!
Now, when the Covid-19 pandemic started and people began working from home, Gurucul decided to offer a free service that gives organizations 30 days of access to our Unified Security and Risk Analytics platform. No risk, no obligation, all that. The hope is organizations will be able to identify risks and mitigate them so they can stay safe while we all adapt to a new “remote workforce” normal.
Watch our webinar on demand to learn more about our complimentary service, Securing Data with a Remote Workforce:
Since the line between work and home has become fuzzy, it’s become more important for all of us to be in the game securing devices and keeping our environments safe.