Video

Top 5 Work from Home Cybersecurity Recommendations for Enterprises


John Tolbert is talking about the current situation with regards the pandemic crisis and the cybersecurity-related things to consider for enterprises.

Hi, I'm John Tolbert from co or Cole today. I just wanted to talk to you for a few minutes about the cybersecurity situation. With regard to the pandemic crisis, we came up with a list of five recommendations that we think are important for enterprises, especially to consider. During this time, we know that the, the cybersecurity risks are elevated as a result of the crisis. And we thought we'd give you a few things to think about recommendation. Number one is used multifactor authentication, wherever it's possible. The good news is it's available in many platforms already, whether it's a native, Microsoft authentication or some of the other platforms like Google, it's also possible to tie in mobile device authentication and use things like fingerprint touch ID, face ID in conjunction with other systems, thanks to things like Fido and the fi oh two web authentication protocol. That's a quick and easy way to make multifactor authentication available because passwords, as you know, are, are bad.
It's the easy way for the malicious actors to get into systems. And it's much better. It can be a much better user experience as well, just to turn on multifactor authentication, wherever possible. Secondly, we recommend of course, endpoint protection it's man, it should be mandatory everywhere for any user device, whether it's a desktop laptop or even mobile device these days. And again, in many cases, some protections are built in as in the case of let's say Microsoft windows. So you can make sure and, and perhaps illustrate to your users how to make sure that Microsoft windows defender ATP is on and active. We know that users home users especially are being targeted at this time. And it would be a great way to protect them, to make sure that they've got these endpoint anti malware systems engaged and active and updated patch management patch management of course has been important for many years now, but we know from recent reports that public facing applications, the companies may be hosting and especially things like VPN are really, really under attack. Right now. Malicious actors are taking advantage of the situation that they know lots of people who may not be used to working from home or working from home. So those VPNs are under attack. They need to be patched and maintained properly. Same thing with endpoints, it's better to turn on automated patch management.
In years, past companies may have preferred to do a little in-house testing before releasing a patch into the wild. But these days we feel like that's a riskier proposition than turning on automated patching. There are, are fewer risks associated with application compatibility. Then there would be with the, the sometimes giant risks of leaving machines, unpatched security trading now would be a really good time to remind users, especially about the dangerous fishing. Make sure that they're aware of what fishing emails look like. Don't click anything suspicious because we, we know we've seen in the reports just in the last few weeks of about 5,000 new domains related to coronavirus being created about 8% of which are either suspicious or malicious. So it would be advantageous to warn them not to click on things even about the coronavirus situation. There are cases where malicious payloads have been included into PDFs or behind links that look like they come from official sources, but they're not so even short targeted video or illustrated graphics about how to avoid especially fishing, but any other particular security, risks and policies your company might have then lastly, data protection.
It's likely that many users are tempted at least to send sensitive information outside your environmental controls, whether that be on a USB stick or by forwarding something to their personal email that they may work on on a device. That's not under your control as well as an enterprise. So if possible, it would be great to use things like data, leakage prevention, DLP tools, if you don't have that, but you need, you can quickly set up collaboration sites with some of the popular cloud SaaS service. And that would also afford you the opportunity perhaps to turn on MFA for that and do fine grained access control, and then really limit who's got access to the information that you're sharing out there. And then if you are using cloud services now would be a good time to think about CASBY as well. Cloud access security brokers they're designed to sort of detect and then monitor and be able to actually apply your enterprise security policies on a lot of the popular cloud services that are out there today. So thanks again for watching and take care.

Video Links

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #141: What Defines Modern Cybersecurity Leadership

How do you implement modern cybersecurity leadership between compliance, threat protection, privacy and business enablement? To answer this question, Matthias invited the CEO of KuppingerCole Analysts, Berthold Kerl, who was and is active in various roles as a leader in cybersecurity.…

Interview

The 3 Essentials of a Cyber Leader

How can the Cybersecurity Leadership Summit help you become a great digital leader? Raj Hegde, Product Manager, tells us what the 3 core qualities of the digital leaders of the future are, and how you can strengthen them by joining us on 8-10 November in Berlin.

Analyst Chat

Analyst Chat #106: 2021 - A Retrospective

Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.

Analyst Chat

Analyst Chat #102: Impressions and Insights From the CSLS 2021

From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event. The recordings and slide decks are available…

Analyst Chat

Analyst Chat #96: How to Combine Security And Convenience (EIC 2021 Special)

While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00