Editor’s note — the following is a guest post from our partners at Electric.
Today’s current era of hybrid work has put many organizations’ security strategies to the test. With many employees now free to work from a variety of different places, the device one works from has become increasingly important to secure and security awareness training is a must-have for your entire organization.
Due to differences between home workstations and those that a company would previously provide in an office environment, employees could be left vulnerable without taking the proper precautions. It is essential to enact proper security controls to keep your organization’s sensitive data secure that might be accessed from these employees, wherever they are.
At Electric, we have keen insight into this, as more than half of all customer workstations that we onboard do not have the basic security controls that we recommend in place.
As part of onboarding, Electric works with our customers to implement a default set of policies that improve the security posture of our customers.
That’s why we’ve compiled a list of the 4 cybersecurity controls every SMB needs.
1. Automated Patching
Patch management is an item that should be of concern for your organization. Quick patching of critical vulnerabilities reduces the risk of security breaches that can be costly to your business.
Consider the simple fact that unpatched devices are more susceptible to cyber attacks. A ServiceNow survey found 57% of cyberattack victims reported that their breaches could have been prevented by installing an available patch.
With a multitude of data privacy laws and regulations like GDPR, CCPA, and SHIELD coming into place, it’s important to keep your company devices up-to-date. This will ensure your organization does not succumb to a breach that would then lead you down into further compliance and regulatory issues.
The above reasons should be enough motivation to have an automated patching solution in place. However, consider how automated patching also saves IT professionals the many hours it would take to manually scan devices to assess for the latest version and then have to manually push out the latest version themselves. Automation, therefore, enables patches to be applied across multiple vulnerabilities in a controlled manner simultaneously which dramatically accelerates the process and eliminates the risk of failure.
Patches can be released between five and twenty times a month. When you consider all of the applications on a given device for one of your company workstations, getting these patches installed in a timely manner has never been more critical than it is today.
2. Full Disk Encryption
When every hard drive on every workstation at your office has data at rest Full Disk Encryption (FDE) enabled, your company’s entire security posture is stronger. A stolen laptop is no longer an existential security threat. Any sensitive data on the device won’t be accessible to the thief without another vector of attack like stolen credentials.
An example like this Lifespan incident, where a stolen laptop that was not encrypted and did not have password protection in place led to Rhode Island’s largest health network having 20,000 patients’ information exposed.
Such data breaches can be avoided by enabling FDE on all of your company’s devices. Both Apple and Windows have their own native encryption software—FileVault and BitLocker, respectively, that enables encryption out of the box.
Without a group policy tool or similar solution in place at your organization, IT professionals might struggle to remotely enact FDE across an organization’s devices. Here at Electric, we use Jamf Pro and Kaseya for Apple and Windows respectively for device management and the remote implementation of device configurations and security policies.
Beyond simply rolling out FDE, devices should be backed up regularly. If an encrypted disk crashes, it can result in files being lost permanently. Passwords and encryption keys should be kept in a safe place, because once FDE is enabled, no one can access the device without the proper credentials.
3. Automated Screen Lock
The next policy we recommend is automating screen lock. This involves activating a computer’s sleep mode after being idle for a specified amount of time, and prompts the user to re-enter their password upon returning. This helps ensure devices are not accessible if left unattended.
How much time is ideal to set for a screen lock on your computer? We recommend automating your screen lock after 10 minutes of idle time.
As mentioned previously, employee workstations have a lot of valuable and sensitive information on them. Someone leaving a device unlocked while away from their desk leaves all of that sensitive information available to whoever walks past. If they gain access to your computer, they may be able to share, modify, and remove data from your computer.
While this policy might seem redundant for those currently working from home where they trust those they live with, it’s still a good policy to enact. Young children who might not know better could still accidentally delete critical information with just a few keystrokes!
For those of you reading this in the office, check out UnlockedComputer.com to put on your coworker’s screen the next time they leave their device unattended.
4. Firewall Enabled
Another one that might seem obvious, but is still important to reiterate, is ensuring that all company devices have a firewall enabled.
A firewall is a type of software (or hardware device) that protects devices from being attacked over the internet. They monitor inbound and outbound activity coming from your network for suspicious activity, blocking items that are considered dangerous based on a set of security rules.
Firewalls prevent unwanted applications from accessing endpoints by controlling connections on a per-app basis. Per-app protection adds a layer of security for vulnerable network ports that must remain open.
A 2019 cybersecurity incident that impacted a US power grid was later found to be caused by unpatched firewalls. The power grid operator eventually discovered that they had failed to apply appropriate patches to the firewalls that were under attack and the mysterious activity only ceased after they deployed the proper patches.
The above incident ties together the previously mentioned policy of automating patches and this one of implementing firewalls. It’s important to recognize these policies do not act in silos, but rather together to form a strong frontline defense to bolster your organization’s security posture and keep out malicious intruders.
Implementing Default Policies to Secure Your Workforce & Ensure Productivity
It’s now essential to equip your employees with the tools needed for the near-seamless production of work, free from technical disruption and business risk.
The policies mentioned above can help your organization mitigate business risk while navigating new challenges brought about by the shift to hybrid work. The “new” office starts with leveraging IT as an enabling function for your team. It starts with rethinking IT and the definition of “office” from the ground up.