Securing your organisation in the ‘new normal’

The nature of how we work is constantly evolving, most recently with the global pandemic and the changes that were needed to help tackle COVID-19.

Highly interactive environments are now rapidly becoming the ‘new-normal’ across all organisations – as our networks, once confined by clear boundaries, are pushed outward to support home/remote working practices and secure strategies for working away from the office environment.

How we do business has not fundamentally changed, but how we share information certainly has, with the use of collaboration tools, such as Microsoft Teams and other rapidly deployed platforms.

The attack surface of an organisation has grown exponentially with The World Economic Forum recently reporting that the “demand for information on the new virus, accompanied by fear, confusion and even the boredom of confinement, has multiplied opportunities for cyber criminals to deliver malware, ransomware and phishing scams.” So, how do we ensure that we remain secure?

Securing your networks

Having 24/7 visibility across your network is vital. As a result of using the right technology for cyber security, managing your network can become easier allowing you to see all endpoints, address the most vulnerable areas and detect threats in real-time. The difficulty comes in managing these technologies. Deterring today’s threat landscape is a 24/7 task and most breaches occur outside of regular office times. If you aren’t running a 24/7 security operation, you’re putting your IT estate at risk.

You should also be aware that your organisation’s network also includes your supply chain. To secure your organisation’s future, you need to be able to trust your suppliers. It is important to assess those in your supply chain, ensuring your technical and supplier networks are secure will ensure your operations aren’t disrupted.

Remote working

Where possible, organisations have moved to remote working, or at the very least, distanced working and technology has been the biggest enabler of this. Looking to the future there are strong indicators that organisations will have many employees working from home permanently. The course of the past few months has drawn attention to the technical skills and training of workforces. Now, more than ever, the ‘people’ element of security is vital to maintaining a strong posture. Threat management and constant vigilance are key for ensuring cyber security in this situation.

Find out how you can keep yourself secure in the ‘new normal’ with eight handy tips

Ben Murden
Ben Murden

Ben has over two decades in the IT industry, delivering both online and offline campaigns across all platforms to meet business goals and objectives. Joining Phoenix in 1999 as a graphic designer, Ben has evolved over the years into a fully-rounded marketing professional, before being promoted to Phoenix Marketing Manager early in 2018, reporting directly to the MD. With his background in creative design, Ben takes projects from inception to execution and can identify the correct strategy based on the subject, audience, and goals – while increasing the brand profile and revenue. His passion for digital marketing is evident in everything he does, and both vendors and strategic partners often comment on his incredibly positive attitude to ‘make things happen’.

See all posts by Ben Murden

What can I do to reduce the risk of remote working now?

  • Remind users to be suspicious of emails from unknown sources and to not open file attachments or click on links. Stress the fact that cyber criminals will seek to capitalise on the current chaos and make sure people know to exercise extreme caution with any email that asks for credentials or other sensitive information.
  • Make sure that computers – whether company-issued laptops or personal home PCs – are patched and updated against the latest threats.
  • Verify that the devices used to connect to network resources or access company data have endpoint protection.
  • Ensure that workers connect to the company network and sensitive data through secure means, such as a Virtual Private Network (VPN) connection and remind them to store data on company-sanctioned cloud storage platforms.

Training and awareness

Ensuring your end users are trained on how to look for malicious activity is now more important than ever. Figures released by KnowBe4 state that cyber criminals ramped-up phishing attacks by more than 667% in the month of March alone. Activities such as phishing simulation can play a role in making sure that your users are prepared. It’s better to “fail safe” and direct your users to a learning moment than to have an employee click on a real phishing email and have your entire organisation experience a breach. Empowering people to protect both themselves and the organisation will create a cyber security culture.

Lean more about user awareness training and take advantage of our free phishing prevention kit

Security plan

Do you have a trusted network for advice, ideas etc.? A trusted network can help to establish a robust security plan for your organisation. Through this network you retain the ability to use best practice from organisations with similar experiences to yours and help ascertain what has worked well and areas for improvement for your own security posture. The new ways of working will have implications across the organisation, so rethink the cyber security operating model and continuity plans for physical-location-constrained operations, including automation opportunities.

Supply chain and third-party risk

Security is imperative in supply chains, as technology evolves, attack vectors will evolve with it and get more sophisticated. It’s clear that a prudent security approach needs to be multi-faceted, encompassing defenses against a huge range of physical and virtual threats. Audit your vulnerability on these several threats to get a good understanding of where your weaknesses lie, then make it a priority to address them. Do you have a risk matrix for your suppliers? Are they accredited to the levels that they should be? The ‘new normal’ will place more emphasis on your suppliers and ensuring security standards are met.

Business Continuity Planning

It is now accepted that security breaches will happen, so being adequately prepared to deal with them will go a long way towards minimising their impacts. Know what you’re going to do and how you’re going to do it and make sure that you have the necessary information, materials, skills and capabilities to do it effectively. Test your incident response plan on a regular basis using a variety of different scenarios and see where improvements can be made.

We found that only one third of public sector organisations have a Business Continuity Plan in place. Discover what else we found out in our infographic

The pandemic will disappear. Its cyber effect will not.

This is the ‘new normal –  technology does and will continue to shape how we work today and moving forward. The accelerated pace of digital transformation, remote access infrastructure and the rapid move to the cloud by many organisations, are known trends by cyber criminals that they will take advantage of – if they can.

When we change the way we work, we must adjust how we secure our work. Cyber security strategies must be revamped to meet the new reality. Cyber security is now considered a business enabler and security executives will play a key role to navigate their organisations safely out from the coronavirus pandemic crisis safely. Your organisation has never been more difficult to keep secure than it is right now and people are more reliant than ever on technology, therefore a comprehensive approach to operational resiliency must include cyber resilience.

If you would like to talk to a member of the Phoenix Security and Compliance Team about how we can help secure your organisation in the ‘new normal’, please get in touch on 01904 562200, email [email protected] or fill in the form: