Published: New Hampshire Business Review
April 7, 2023
When New Hampshire companies look for ways to bring their
budgets in line, one area they cannot afford to diminish is
cybersecurity. If anything, they often have to increase their
ability to safeguard their most important digital infrastructure as
well as protect their clients’ data. New Hampshire Business
Review reached out to McLane Middleton in Manchester to glean some
of their expertise in this arena.
Q: What are the best practices a company can adopt to keep its
remote and hybrid workers secure and connected to the company?
A: One primary risk presented by employees
working remotely is the devices they use to do so. With respect to
laptops and desktops, the following are critical safeguards:
encrypt the hard drives; do not permit workers to have
administrator privileges; deploy advanced threat detection and
prevention, not just ordinary anti-virus; enable local firewalls;
and ensure that the devices automatically link to a virtual private
network (VPN) as soon as they receive an internet connection. With
respect to mobile devices, deploying a mobile device management
(MDM) application is critical to ensure that the device can be
accessed only using a passcode or biometric; the device and the
data in the MDM are encrypted; and the device can be located and
decredentialed if lost or stolen.
Another primary risk of employees working remotely is the points
of access they have to company information.
Strong and unique passwords coupled with multi-factor
authentication (MFA) for access to all computers, networks and
clouds are a necessity. Additionally, limiting the access to those
systems only to company-owned devices is another critical
safeguard.
Q: What are the most important aspects a company should focus
on with regard to maintaining its cybersecurity?
A: Truly effective cybersecurity requires a
comprehensive approach — there are no magic bullets. The
first and most important step is to conduct a full risk assessment
to identify vulnerabilities and areas of non-compliance, and then
create a strategy to mitigate or eliminate them through solutions
that fit the budget, culture, and IT and physical infrastructures
of the business. Through this comprehensive risk assessment
process, an organization can design a cybersecurity program that
both best mitigates risk and fits its needs.
While each organization’s technological safeguards can
differ, the following is a list of the 15 controls that every
business should implement to mitigate risk:
1. MFA and unique complex passwords to access
all computers, networks and clouds.
2. Advanced threat detection and prevention on
all networks and computers.
3. An automatic VPN.
4. MDM for all mobile devices with access to
company email or other data.
5. A sandbox for launching links and
attachments in incoming email, and scanning of outgoing email for
certain types of information.
6. Users not permitted to have administrator
privileges.
7. Data encrypted at rest on all laptops and
mobile devices, and certain sensitive data encrypted on servers and
in clouds.
8. Properly configured network firewalls, and
local firewalls deployed on all laptops.
9. Automatic mandatory pushing of patches and
updates.
10. Appropriate employee access limitations
managed through IT and human resources processes.
11. Real-time monitoring of and response to
security alerts through a security operations center (SOC) and/or
security information event management (SIEM) application.
12. Offline backups and cloud-based failover
redundancy.
13. Access and activity logging configured
robustly.
14. Vendor management through appropriate due
diligence and contracts.
15. Cyber liability insurance in an appropriate
amount and with full coverage.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.