The innovation in IT security technology is driving ease-of-use and efficacy, and represents great value. And, true to the nature of technology, these attributes will increase with time. Treasury departments should engage staff with this technology in a fashion that is relevant to their daily activities in their personal lives, which will dramatically increase awareness and compliance at the workplace.
“The Four Fundamentals of Personal Cybersecurity” is an approach relevant to individuals, yet has direct application to employees in the workplace.
1. Protect the device. Smartphones, laptops, pads, tablets, and just about anything that connects online should be protected using state-of-the-science device protection solutions. Fortunately, recent innovations have taken high-quality, effective protection systems that once were available only to large, server-centric networks and made them available to individuals, so that their devices can function securely in all environments and over any network.
- Device protection should include remote management features that eliminate the need for user input or behavioral modifications.
- Real-time antivirus, browser and application protections, and the host of defenses standard with most high-quality solutions, are essential.
- Lock and Erase functions are optional.
- Password management applications should work seamlessly across mobile device platforms, and the enterprise should sponsor software purchases and training for all employees.
- Automatic updating and patching of operating system software and other vulnerable third-party applications such as Adobe and Java.
- Increasingly, collaborative threat intelligence resources are coming to bear for actionable, real-time, preemptive defenses.
- Algorithms will increase in effectiveness and application to predict and defend against future threats as they morph and evolve.
These automated and remotely managed functions will dramatically mitigate the risk of attacks to individuals and their devices, regardless of location.
2. Protect the connection. Once the individual device connects online, more defenses are required to protect the information transmitted over the Internet.
- In addition to device protection, each individual device should have a VPN, or Virtual Private Network, for automatic encryption of Internet traffic. A good VPN will protect the user’s identity, location, browsing, shopping, banking, and all information transacted online, including over public WiFi networks.
- Consumer-level or “retail” VPN services have to date been clunky to use and unpredictable in their operation. Recent innovation and new distribution models are providing much better performance and experience, and the improvements are expected to continue over the near future.
3. Protect email communication. In many cases, email is the “barn-door” for personal information. Unfortunately, especially in the U.S., many consumers expect email to be “free,” and this expectation has distracted us from some of the basic notions about the value of privacy today.
- Use a service that automatically strips IP location and metadata information from individual emails as they travel the Internet.
- Use services that employ open-source software for ultimate security, portability, and compatibility across technology architecture and platforms.
- Private email accounts can act as multi-generational digital domains for your employees and families, and provide a cyber-safe-room for decades to come.
- Private email as an employee benefit communicates full engagement of the enterprise and its leadership to every individual, inside and out of the organization.
4. Protect and back up electronic documents and files. Remote backup services are easy and cheap, and the convenience of the cloud is great, but critical documents deserve a digital vault.
- Critical documents include scanned passports, social security cards, birth certificates, wills, trusts, tax returns, and the other documents that are core to our personal lives.
- Easy-to-use but highly secure digital vaults act as a safety-deposit-box for sensitive documents.
Subsidizing the protection of these four fundamentals in your staff’s personal lives will drive increased cybersecurity awareness, compliance and effectiveness across the enterprise. All of these solutions are highly affordable, do not invade anyone’s privacy, and will provide an ROI that pays by reducing risk and increasing productivity for many years to come. Additionally, this approach to cybersecurity strategy positions the enterprise for optimal benefit from the forthcoming acceleration of disruptive innovation in the IT security industry.
Brad Deflin, president and co-founder of Total Digital Security, spoke at the recent CTC Corporate Treasurers Forum in Chicago.
Reprinted with permission from www.totaldigitalsecurity.com.