Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
AARON ZANDER,
HEAD OF IT AT
HACKERONE
EDITOR’S QUESTION
/////////////////
The unprecedented rise in remote working and the rapid
deployment of collaborative and video conferencing tools is
putting organisations into potentially dangerous situations
– even those with remote policies already in
place. Cyberthreats never sleep – especially
at a time of crisis. It’s almost inevitable
that breaches will happen during COVID-19
because of negligent infrastructure, a lack of
basic security awareness among employees
and a rush towards collaboration and video
conferencing apps.
While these tools allow people to connect and
work from anywhere and at any time, they
come with a caveat: sharing the meeting ID
or URL can allow people to drop in and listen
to sensitive conversations, record your voice or
video and infiltrate your new virtual workplace.
No matter which process or tool businesses
adopt to manage and connect their newly
remote workforce, they should ensure that the
infrastructure is secure.
For workers, it is essential to make sure you are
using multi-factor authentication (MFA) tools
and password managers to protect against
“
IN AN IDEAL
WORLD,
COMPANIES
SHOULD BE
MOVING TO A
ZERO TRUST
OR BEYOND
CORP STYLE
OF VIRTUAL
NETWORKING.
phishing, credential theft and becoming the ‘weak links’ in the security
chain. In an ideal world, companies should be moving to a Zero Trust
or Beyond Corp style of virtual networking. Zero Trust networking
allows for security teams to set granular
permissions every time an employee wants
to access something sensitive. Modern ‘Zero
Trust’ tools allow organisations to prevent
things like two-factor authenticated phishing
and ensure browsers, phones and computers
are up to date even when they fall out of the
purview of what the company ‘owns’.
With Zero Trust set up correctly, organisations
can ensure that only the users that should
be accessing specific applications are. It
also means they can check equipment is up
to date, that users are in the appropriate
locations and enables additional assurance to
those employees are who they say they are.
There are many paid and free tools to help
establish Zero Trust, everything from Duo’s
network gateway SaaS service, to Pritunl
and open source options. Many of these
tools tie into existing user infrastructure so
provisioning access should be a breeze. •
www.intelligentcio.com
INTELLIGENTCIO
37