The traditional methods of safeguarding company data behind physical walls are demonstrably insufficient for the realities of today's hybrid workplace, let alone the evolving future of work. Distributed teams, increased virtual interaction and the reliance on internet connectivity all contribute to exponentially elevated data security and privacy risks.
This scenario presents two distinct challenges:
The first surrounds IT needs. Mitigating network and data vulnerabilities requires robust technologies and best practices to effectively protect all information flowing through the system.
The second scenario is employee privacy. Balancing organizational security with safeguarding employee privacy, regardless of their work location, becomes paramount.
Addressing these challenges is not only crucial for business continuity but also essential for maintaining employee trust as AI-driven applications become increasingly widespread. Recognizing the heightened importance of cybersecurity in the future of work, a panel of experts at Future of Work Expo 2024 reviewed technologies and best practices for IT departments to navigate this complex landscape.
Jon Arnold, principal, J Arnold & Associates, led the panel discussion that featured Richard Luna, CEO, Protected Harbor; Brett Shockley, CEO and co-founder, Journey; and Ryan Worobel, chief information officer, LogicMonitor.
Arnold started off the discussion by asking the panel to talk about two basic types of threats: threats that impact IT and threats that impact employees.
“If there is a database, it will get hacked at some point,” said Shockley.
Worobel answered Arnold’s question from an IT approach by talking about an experience with one of his previous companies.
“My previous company got hacked where the administrated password was password,” said Worobel. “The attack hit 52,000 devices in 42 seconds. We went completely dark for almost 30 days. We could only communicate in WhatsApp, and we lost $300 million.”
As from an employee/end user perspective, Luna mentions how attacks to end users are to trick end users, and one way to protect your data from potential attacks to end users is to “air gap your backups.” That’s a phrase many have not heard before.
“Air gap means the backups are not connected to the systems,” said Luna. “The large clusters in the backups are not connected to the internet. They are isolated.”
Air gap is the last line of defense.
Staying in line with employees and end users, Arnold asked the panel how businesses should handle internal threats.
“Managing privileged access is important,” said Worobel. “Understand who can get to what.”
Think of it this way. People typically gain more access as companies grow. It’s rare when they lose access. Therefore, as Worobel said, it is important to manage that.
Luna added to it with two halves of a pie. The first is to understand how to tweak things to protect infrastructure.
“Using as much of the core infrastructure to tweak the security settings and all the pieces you must lock it down,” said Luna.
The other half is to always try to take care of your employees. Remember, when employees are happy and they are involved in engaging activities, they get the mindset that the company cares and are less likely to be an internal risk.
Edited by
Greg Tavarez