Security, not technology, will make or break hybrid working
Combined home and office working will become ingrained as a long-term model over the coming year. Doing this securely and sustainably demands a major culture shift; every employee must be accountable for protecting corporate and personal data. In an ideal world IT teams would have visibility across the whole, now distributed, environment: who’s accessing systems, networks and applications, from where, and using which devices. With entire workforces ‘out in the wild’, however, this just isn’t possible, so greater responsibility for security needs to be devolved onto the individual.
Ongoing awareness and education programmes are essential to ensure disparate teams follow information security best practice and comply with regulations such as GDPR. However, a lack of employee education was singled out as the biggest cybersecurity weakness in lockdown by almost a third of respondents to a recent Twitter poll conducted by Apricorn. More than 40 per cent admitted they weren’t fully prepared to work at home securely and productively, with 16 per cent not even sure how to.
If employees are to become guardians of their company’s data, organisations must ensure they’re aware of the security risks associated with hybrid working, and provide comprehensive, up-to-date guidance on how to manage them.
Any holes in security policy will create unacceptable risk. It’s important to review, update and improve policies for remote and mobile working, and implement rules that govern the use of personal and company-provisioned equipment. Specific policies should be created around the necessary steps to comply with all regulatory requirements the company is subject to.
These policies need to be communicated directly to employees, with clear instructions on how to adhere to them.
According to research carried out by Apricorn in 2020, employees unintentionally putting data at risk remains the leading cause of a data breach, with lost devices the second biggest cause.
Organisations are increasingly turning towards encryption as a straightforward way of protecting data in the new working environment. It virtually eradicates human error and can enable employees to use their own devices securely – a key safeguard as smartphones, tablets and even voice assistants proliferate across enterprise networks. Encryption is specifically recommended in GDPR Article 32 as a means of protecting personal data, making it a key part of the compliance toolkit.
Deploying corporate approved removable storage devices with built-in hardware encryption across the workforce ensures that data can be stored or moved around safely offline – for instance, when it’s being moved from office to home – even if the device ends up in the wrong hands.
Hardware encryption offers much greater security than software encryption – particularly when users access the device via a PIN pad. All authentication and encryption processes take place within the device itself, so critical security parameters are never shared with the host. This defends against malware attacks such as keylogging. Even if the device is lost or stolen, the information will be unintelligible to anyone not authorised to access it.
As part of the cybersecurity education programme, employees will need to be trained in applying encryption techniques, as well as the correct use of any encrypted devices.
Every employee must be grounded in the foundations of basic security hygiene. Experts are predicting a rise in criminal attacks in 2021, as hackers take advantage of continued remote working – in particular through ransomware, malware and phishing.
It’s easy to let good habits slip when you’re moving between workspaces and devices, getting the hang of new working models, and striving to be productive. All employees should receive ongoing training in the basics of security hygiene – such as the need to change home wifi and device passwords, the risks of sharing files using consumer apps, and how to recognise common attacks.
A culture of accountability
Training employees in the ‘what’ and ‘how’ won’t be enough to build a culture of information security across the entire dispersed workforce. This isn’t something that can be done by enforcing policies; employees need to be engaged with it. The most effective education programmes will also cover the ‘why’: the reasons data protection is important, and the specific risks and consequences to their company of a breach. This will ensure everyone understands their specific role in keeping information and the business safe in the hybrid working environment.
Employees have a critical role to play in executing their organisation’s cyber security strategy, from recognising threats, to correctly applying policies. At present, it’s questionable whether they’re ready to fulfil this role. As the volume of data being moved and shared outside the office security perimeter continues to surge, education will play an increasingly important role in improving the security posture and preventing internal and external data breaches.
Jon Fielding is managing director EMEA at Apricorn
Nozomi Networks secures US$100m investment
Nozomi Networks, a San Francisco-based industrial cybersecurity startup, has raised US$100 million from its customers and technology partners to help build new products and expand sales.
The Series D funding round was led by Triangle Peak Partners, and also includes investment from a number of equipment, security, service provider and go-to-market companies including Honeywell Ventures, Keysight Technologies and Porsche Digital.
“As we began the fund-raising process, many of the largest ecosystem partners in the world along with our customers recognised Nozomi Networks as the industry leader and requested the opportunity to invest in the company,” said Edgard Capdevielle, President and CEO of Nozomi Networks. “It’s the ultimate endorsement when not only a prestigious firm such as Triangle Peak Partners leads the investment, but customers and partners embrace Nozomi Networks and further validate our market leadership.”
How will Nozomi Networks use the investment?
The company will use this latest investment to help scale product development efforts as well as its go-to-market approach globally. Specifically, Nozomi Networks will grow its sales, marketing and partner enablement efforts, and enhance its products to address new challenges in both the operational technology (OT) and internet of things (IoT) visibility and security markets. With ransomware and malware attacks on organisations and critical infrastructure at an all-time high, the need for Nozomi Networks solutions has never been greater.
“With the OT and IoT security market on the verge of explosive growth, Nozomi Networks has not only risen to the top but is strongly positioned to continue to outpace the market,” said Dain F. DeGroff, Co-founding Partner and President, Triangle Peak Partners. “The company’s consistently strong performance in combination with an impressive R&D model and its ability to scale quickly set itself apart. We’re excited to be a part of Nozomi Networks’ future.”
Digitalisation is changing and disrupting entire industries, and now more than ever, cybersecurity is playing a crucial role for all companies. With the constant rise of cyber threats facing asset owners around the world, including critical infrastructure, customers are looking for better and more efficient ways to protect operating environments and reduce cybersecurity risk, explained Que Dallara, President and CEO, Honeywell Connected Enterprise.