THANK YOU FOR SUBSCRIBING
When thinking about the past year together with the current one, feelings of wonderment, confusion, caution and hopefulness come to mind. As the practice leader of EisnerAmper’s Managed Security Services and IT Risk sector, consulting affords me the ability to observe the specific issues and challenges our clients experience and then pinpoint for them the appropriate solutions we can provide. Allow me to share some IT security-strengthening tips that your company can consider implementing in 2021 and beyond.
The Home Security Triangle
We have all heard of the Bermuda Triangle where people and planes seem to get lost, never to return. This year may conjure similar feelings in terms of IT security. As millions of people have migrated to a work-from-home model, there are three areas our team is focusing on:
1. Employee Computers
This a computer an employee uses that is either company issued or personal and is connected to the individual’s home internet service. It’s unclear if this device is dedicated or being shared with other members of the house, and this is where our concern comes in. Just how secure is that computer, and is it protected? We’ve already seen a massive increase in computer hacking because of a lack of a security focus on both the endpoint device and its connectivity.
2. Employee Computer Connection
Every computer in the home has a connection to the internet. A developing concern is how is that computer connected? We see many home computers sharing a Wi-Fi connection with other non- protected computer devices that can “bleed technology risk” back into the employee’s computer. This shared-connection environment can easily be segmented by Wi-Fi or connections, but needs a carefully thought out plan to ensure the separation of security risk.
3. Employee Home Firewalls
As employees work from home computers, many perform their daily tasks without considering the strength of their internet connection and firewalls to provide home security. As we continue to rely increasingly on home usage, our team has found that a more industrial hardware platform is advisable to ensure there is more security provided at the connection level from the ISP, as well as to the office environment if VPN or other connection usage is being provided.
Prior to COVID, offices deployed multiple layers of security, and the employee IT security matrix was adequately deployed. As employees shifted to continued home use, hackers followed suit and started shifting focus of where to hack and have found multiple gap areas like the ones mentioned above. Our team has developed a fully managed detection and response program to meet these new changing needs, and we will continue to offer services to measure these new risks, manage them through new technologies and, most importantly, monitor these risks in 2021.