Securing Your Digital Footprint In The Tele-Work World

Cybersecurity Awareness – By Ron Frechette, The Cyber Coach

As the adoption of remote workforces becomes the “new normal” across the world, it is more important than ever to consider the security posture of your digital presence in cyberspace.  Facebook announced last month it will permanently shift tens of thousands of jobs to remote work and we are hearing the same from professional services companies across various industries.

Last year we introduced our readers to the concept of digital footprints.  This month we will focus on the four threat vectors that surround digital footprints.

1. People – Spouses, children, and/or business colleagues having or not having the awareness that these vulnerabilities exist, and how they behave when they are confronted by a phishing email.
2. Processes – Formal policies and procedures in place with best-practice guidelines to decrease threats of cyber-attacks.
3. Facilities – Physical controls. Do you have locks in areas of your home or business where sensitive information can be accessed?
4. Technologies– Ensuring the networks and applications you utilize have been properly vetted and can guarantee an acceptable level of security. Have you secured home routers, installed virtual private networks and implemented multifactor authentication?

The Security Perimeter is the area you must protect to keep cyber criminals from gaining access to your sensitive data.  A key objective is to identify the vulnerabilities that exist within your digital footprint and begin taking the proper steps to close gaps.

DREAMSECURE Cyber Risk Management System

DreamSecure is a cyber risk management system we recommend for small businesses mainly because it is easy to understand and implement.  It is based on the NIST Special Publication 800-53 (Rev.5), Security and Privacy Controls for Information Systems and Organizations. The acronym DREAM spells out the 5 steps in the system.

1. Diagnose – Step 1 is to diagnose our digital footprint by performing a security risk assessment of each threat vector to identify specific vulnerabilities.
2. Remediate – Step 2 is to develop a remediate plan to close gaps.
3. Engage – Step 3 puts the remediation plan into action and engages managed security providers if needed to assist in closing gaps.
4. Audit – Step 4 ensures our remediation plan was executed effectively and helps us determine how to manage residual risk.
5. Monitor – Step 5 takes us to continuously monitoring and detecting potential threats to our digital footprints 24x7x365.

Don’t expect to complete all five steps overnight. The average length of time it takes to fully implement this system can be anywhere from six months to two years. But once you begin the assessment process, the rest of the steps tend to fall into place quickly. Each future assessment will flow much smoother, take much less time, and your overall cyberspace security will strengthen year over year.

Perform Annual Risk Assessments

The cyber threat landscape is constantly changing.  It is important to remember a risk assessment is a “point in time” assessment.  Keeping yourself and/or your business safe is a journey, not a destination.

The first step is having knowledge and a sound plan to execute.  Risk assessments should be completed on an annual basis or whenever you have a major infrastructure change.  The goal is to close the gaps in your digital footprints.

Those of us who have been in the information security industry over the past decade have seen firsthand how devastating the impact of cyber-attacks can be on people’s lives both personally and professionally.  There are millions of digital footprints in cyberspace that have little to no protection around them. It is not a matter of if, but when and how often we will be confronted by cyber criminals who will attempt to wreak havoc on our personal and professional lives.

As the tele-work trend continues to evolve, it is important now more than ever to adopt a cyber risk management system that you can rely on to thwart potential cyber-attacks.

Until next month, wishing you all a safe journey in cyberspace!

Questions?  Email me at [email protected] or send me a tweet @GoldskyRon.

by

by