In this new work-from-anywhere environment that we’re all in thanks to the COVID-19 pandemic, cybersecurity, trust, and protecting customer data is more important than ever. We saw the largest workforce transmit transformation in history as everyone went remote almost overnight in March 2020.
The best thing that any business can do in securing yourself, especially as adapting to this new environment, this new work from anywhere environment, is to nail the basics. There are a small number of really important cybersecurity hygiene actions, so think about it in the current climate as washing your hands from a cybersecurity perspective, that businesses can do to really eliminate the risk associated with a lot of common cybersecurity threats. So some examples of this are enabling strong multi-factor authentication or ensuring that you’re rapidly patching all of your devices to it to inoculate them against known vulnerabilities, to prevent things like ransomware attacks. And then finally, treating cybersecurity like a team sport, building a culture of awareness in your company so that all the employees in your company can act like security trailblazers.
One of the concepts that I think sometimes gets lost in these security conversations is the concept of ethics and how data is used, and I know these overlap quite a bit. What’s the role in working with people who are looking at the ethical use of data? So you maybe have something like least privileged required, a concept of saying, “Hey, look, for security purposes, only a certain number of industries or with certain roles need to have access to this data.” But that also helps with the ethical considerations around, well, maybe these people don’t need to have this data because it could allow them to have unconscious bias creep into the decisions that they make off this data.
I think there’s a strong partnership between security and ethical use, also of trust and transparency going together, but also integrity and ethics and being, of course, trust as well.
We have to remember that we always have to continue to nail the basics, which means patching your systems. That has got to be one of your top priorities, if not your top priority, and multi-factor authentication is something that should be taking very seriously.
As conclusion, I will do my best to become an optimist as opposed to a pessimist when it comes to end users and being champions of cybersecurity. For a long time, I’ve heard people talk about having a national strategy for cybersecurity, having private companies step up and take the lead, having a public-private partnership when it comes to security, and looking at uses of technology to solve some of our cybersecurity problems. What is the one thing we need that I think going forward to improve our cybersecurity posture?
I think the first thing I would say is that we all need to continue to remember to nail the basics. Never, ever forget to nail the basics. need to learn to share more, share best practices, share information about threats, but that we also need the partnership between the public sector and the private sector. And, again, we’re living in a time where those kinds of partnerships are very strained and I think cybersecurity outcomes are worse when we don’t partner globally. There are no geographic boundaries in cyberspace and it’s really important for us to remember that in order for us to be more secure, all of us of the internet, that we’re all working collectively together, private companies and public sector, around the world.