Security is everyone’s business

0
688

According to Cisco, Security is the business of everyone within an organisation, and now the company shares five recommendations that companies might take to make sure every person is aware of and plays a part in the total security solution.

It seems that each new month there is news of yet another security breach. Big names in banking, finance, healthcare, hotels, and retailers have all been susceptible to security scandals within the last few years, and it’s clear that companies of all sizes need to implement a more comprehensive security plan. The Reputation Institute states that in the United States, a data security violation is the most detrimental scenario to the company’s reputation.

Cisco suggests that in order to help prevent this it should be everyone’s business to care, and that cyber security should be distributed across the enterprise, known to every employee. While not everyone may initially believe that security is their responsibility, simple steps like multi-factor authentication or company-wide policy can go a long way in protecting a company. Here are five steps suggested by Cisco that companies could take to make sure everyone is part of the solution:

1. Practicing cyber security hygiene
Cyber security hygiene is a set of best practices that employees and computer systems administrators can take to improve their cyber security. Some of these practices include making sure routers and firewalls are configured properly; updating lists of authorised and unauthorised users; properly installing and configuring all anti-virus and anti-malware software; and using strong passwords and multi-factor authentication.

2. Start simple: Password security and eliminating complexity
Another way to ensure better security for a company is to eliminate complexity – SVP of Cisco’s Security Business Jeff Reed says that security professionals are able to simplify their environments by using fewer products and adopting a platform approach. By having fewer and more strategic vendors, businesses can better implement their threat response.

Multi-factor authentication (MFA) is a best practice for cyber security hygiene, and Cisco’s 2018 acquisition of Duo Security shows the importance of MFA in today’s landscape. The MFA process asks two or more pieces of information from the user as an authentication mechanism. Duo’s two-factor authentication, endpoint remediation and secure sign-on help businesses stay safe.

3. Securing the cloud
While cloud usage is great for data storage and management, companies need to emphasise their cloud security approach. Not only do businesses need to transition to the cloud securely, they also need to protect their user’s data in the cloud.

Cisco is simplifying this process by consolidating a range of security services into one, cloud-delivered security dashboard. This solution allows companies to get better visibility and control over all protocols, even encrypted web traffic. At this year’s Partner Summit conference, Cisco announced that customers can accelerate their cloud adoption with DNS-layer security, secure web gateway, cloud-delivered firewall, interactive threat intelligence, and more.

4. What is the Zero Trust model?
Zero Trust is the idea that you should assume zero trust when someone or something requests access to various work assets. Today’s workplace includes more users, connections, and devices than ever before, so it’s crucial for companies to control their overall attack surface.

Cisco’s Zero Trust security framework creates secure access for the workforce across networks, applications, and environments. This is done by enforcing policy-based controls, giving visibility across the entire environment, and providing logs and alerts for threats. Cisco was also recently named a leader in The Forrester Wave: Zero Trust Extended Ecosystem Platform Providers, Q4 Report. Duo Security provides zero-trust security for workforce, Tetration provides zero-trust security for workloads, and SD-Access provides zero-trust security for workplace.

5. Disaster plan: What if your company is breached?
Despite implementing best practices and the newest security platforms, companies must prepare a plan of action in case of cyber attacks. Disaster recovery and continuity plan can dramatically reduce the amount of time between breaches and restoring services.

The World Economic Forum outlines four main things to keep in mind while developing a disaster plan:

Define key assets: What are you protecting, and what important assets might be lost in the case of a breach?
Identify recovery solutions: Outline your mitigation plans, such as data replication to a secure location
Develop and communicate the plan: Determine who is responsible for enacting the plan
Review and practice: Regularly review with employees and update the plan with new policies