In October, IT security focuses on the topics of “digital skills” and “cyber scam”. Because while Covid-19 gave digitization an unexpected boost, now the awareness and knowledge of the users as well as the IT security awareness keep up with this trend. Here are six key security trends this October.
1. Awareness and user training – always up to date
The holy grail in IT security. This is not about the malicious employees who come below, but about the carefree. They click on cat pictures all day. You click strange emails. You download wallpapers that are delivered as executable files. The root of all evil? Somehow.
In the past few weeks we’ve seen an increase in attempts at social engineering and phishing. It starts harmlessly with an e-mail that appears to have been sent by a colleague, but from an unknown, private e-mail account. There is something like “I urgently need to get the project ready, but I am missing an important document, can you send me that briefly?”
2. IT security: Ransomware damage can be easily prevented
It happens quickly, and by the time you notice it, it’s too late. The data is gone, the machine can no longer be used. What do you do now? Format C: and restore the backup. Oh there is no backup? Well …
User devices are easy prey for such attacks. To avoid the disaster, the home and user folders of the employees should either be backed up on a remote server or permanently synchronized with SaaS applications. It is also important to make it clear to employees that files outside of these folders are not backed up.
3. The danger of the vacuum cleaner robot in the home office
Many of us have been working from home since March. From a corporate security perspective, this is a daunting challenge that involves many variables. IT certainly still has control over the end device, but not over the environment in which it is located. From insecure Wi-Fi connections to IOT devices that we use – without in-depth investigations, nobody can know whether and what data such a device is recording from the local network and where it is being sent. Help is not entirely trivial here, but a combination of forced VPN use and multifactor authentication when accessing critical applications should be considered necessary.
4. IT security – free tools and services
Although the subject is not new, most of the time we are unaware of the threat. There are many free tools and services available on the internet that sound great and useful. An automated translation of entire texts into any language? A tool to join multiple PDF files? A tool to create flowcharts or visualize business processes? We all use that, right?
We cannot say with certainty what will happen to all the data that we enter there completely voluntarily. Therefore, an organization needs a layered strategy to avoid risk, starting with a strict policy of blocking access, but best of all by providing similar services securely. PDF editors and tools for creating flowcharts no longer cost the world.
5. Frozen or reduced IT budgets make IT security more difficult
By late 2019, IT budgets weren’t exactly the largest in an organization, but IT managers have learned to get by with the money they have. The problem of finding and retaining suitable employees was greater.
Now, in the last quarter of 2020, it can be said that the situation has worsened. Perhaps it is now easier to find well-trained technical experts after some have unfortunately lost their jobs, but there is probably no money to hire them. So the staffing level is the same, if not thinner than before. What now?
The simple answer is to use technology, but a lot of the technology costs money. In many cases, freeware or open source can be an alternative. But sometimes it is just a good idea to finally deal with the automation of routine tasks. It is best to start today.
6. IT security: malicious employees as an internal threat
Frustration as a result of six months of “isolation”, the improbability of bonus payments or salary increases for obvious reasons – all of these can upset employees, and these represent the greatest risk for any company. An employee is considered trustworthy until something happens. Then there is no warning and it is almost impossible to stop an incident once it starts. Disclosure of confidential information, destruction of data, destruction of company property, and other creative ideas.
Even so, efforts must be made to contain these cases and their effects. Systems such as Dataloss Prevention and of course a functioning concept based on the principle of least privileges can help. Therefore, always keep an eye on the permissions. And what do we do on Halloween now? Maybe dress up as ransomware? Difficult because nobody really knows what one looks like. Dress up as a virus? Better not this year. But maybe as a log? But probably nobody understands that. Good old “UDP (User Data Protocol) joke”. (sg)
About the author: Sascha Giese is Head Geek at SolarWinds, a provider of high-performance IT infrastructure management software. He has over ten years of technical IT experience, including four years as a senior pre-sales engineer at SolarWinds.