Does Remote Working Change Your IT Security Stance?

It's quite obvious that the ‘C’ word has changed how many of us work. Whether you’re an employer or employee, the way in which you ‘do IT security’ has probably changed. If it hasn’t then it probably should have….

Threat actors notice that your employees are working from home, or from the coffee shop and adjust their tactics accordingly – they have their ‘Priority Intelligence Requirements’ if they are a nation state, or their financial targets if they are a cybercrime group.

There are dozens of tools – both software and hardware – which can be exploited by the bad guys. Some have other – legitimate – purposes, and others are purely malicious. Would you be able to notice if a threat actor plugged a malicious USB device into one of your employees’ laptops – and would you be able to stop them exfiltrating data from it? Would you notice if your CFO’s email account was compromised, and he/she started asking for employees to change banking details, or buy gift cards?

Have you encouraged (or forced) your employees to use longer passwords, or perhaps you’ve provided a Password Manager for them to make use of (there are some excellent options available commercially). Alongside this, forcing ‘Multi-Factor Authentication’ is one of the strongest forms of defence you can establish – its not infallible but it does raise the bar.  

Security maturity is a journey, not a destination. Every day brings new technology, new attack surfaces, new vulnerabilities, new exploits – but its not an impossible task, and having an educated workforce, combined with a modern, patched infrastructure for them to use will dramatically reduce your risk.

Know what you have, know how you access it and know what would be valuable to different threat groups and you can adjust your stance accordingly. Being in a state of perpetual preparedness is hard and tiring, but it’s the only way to survive on the modern internet. Educate your staff on how to spot, and report suspicious behaviour just like they would in the ‘real world’ and you’re halfway there.

CAMOR's GSAT Training Revealed as a Finalist for an OSPA
November 25, 2021
Disruptive Passengers
November 23, 2021
Does Remote Working Change Your IT Security Stance?
November 9, 2021
Let's Develop the Person Within a Learning Cycle
November 1, 2021
Insider Risk - How Vulnerable Are We?
October 27, 2021
Airbridges Beyond Covid-19 – Safety and Security
October 22, 2021
CAMOR Hold Team Building Event in Edinburgh
October 11, 2021
Recovery at Our Airports – Are we Secure Enough?
October 8, 2021
CPD for CAMOR Team
October 1, 2021
COP 26 - are we outwardly focused at the expense of internal scrutiny?
September 22, 2021
CAMOR attend Lowland RFCA Armed Forces Employer Recognition Scheme Awards Ceremony
September 13, 2021
Launch of Insider Risk & Employee Vulnerability online interactive training course for Aviation
May 26, 2021
           Employer recognition scheme, Gold Award Holder    
With Department for Transport (DfT) Certified Instructors, CAMOR are a UK  Civil Aviation Authority (CAA) Registered Training Provider