How to protect your corporate network this year: top three tips

Rich Turner

The past year has presented challenge after challenge for corporate IT teams. Managing the forced office exodus caused by the pandemic was no small feat, and that was just the beginning, with the subsequent emergence of a plethora of security threats representing one of the biggest challenges to business continuity most organisations have ever encountered.

It has persisted too, and even in recent months we’ve been reminded of the level of preparation needed to combat advanced threats, thanks to the SolarWinds attack. A 2020 report by Verizon discovered over 70% of data breaches involved victims that were large organisations. And most of these breaches were caused by external actors working from outside the business. Cyber-attackers are targeting corporate firms with a concerning level of success.

The pandemic has presented IT security teams with a continuous series of obstacles on top of the line of hurdles they already faced. Sensitive data and assets, as we saw with SolarWinds, are a valuable prize. Against the level of hacker innovation facing them , what can businesses do to protect their corporate networks this year?

1. Consider privileges in the cloud

There’s already plenty of conversation about whether cloud will reach its peak this year. It’s easy to see why when 92% of organisations’ IT environments are to some extent already in the cloud, according to an IDG report.

But all change, good or bad, brings new dynamics and new sets of diverse challenges with them. Cloud is no exception.

An increased attack surface is one of the implications of the complex nature of cloud. When traditional network perimeters are removed, the question of accountability must be asked. Whose responsibility is it to secure data hosted in the cloud? Is it the cloud provider’s? Or the customer’s?

Misconfiguration of account privileges is one of the most common consequences of this misunderstanding, and by extension, one of the leading causes of data breaches. When default credentials aren’t reviewed, excessive permissions can allow standard users unnecessary access to sensitive data.

AI-powered automated tools that review user permissions and privileges can be of great use to IT teams trying to overcome this problem. They provide both a quick and effective way of discovering accounts with excessive privileges, and removing any superfluous permissions for specific users.

2. Secure your third-parties

Research we carried out last year discovered that 25% of British businesses use over 100 third-party vendors. Whether consulting services or supply-chain managers, outsourcing internal functions has become commonplace.

Many of these third-party services require access to internal resources and data to fulfil their obligations. Our research found that 90% of businesses allow third parties to access critical internal resources – sensitive assets that if disrupted or stolen would cause significant harm to the organisation.

This presents a problem for IT teams, because responsibility for security is then passed to your third party partner. You may trust your own security measures, policies and protocols, but can you trust theirs? In fact, early last year flexible office space firm Regus suffered a breach due to this exact situation, with detailed employee performance information being leaked via a third party vendor. Regus had hired a vendor to audit its staff. The vendor’s security measures were weak, and the data breach was discovered in an investigation by the Telegraph. The impact an event like this has on reputation, as well as a company’s finances, is deep.

This example is a warning to any business using third-party vendors. The privileged accounts of all external operators must be constantly managed and monitored. They must be secure, structured, and multi-levelled, granting third parties enough access to carry out their jobs without putting the firm at risk of a punishing data breach.

Advanced Security-as-a-Service packages are well worth consideration for businesses hoping to ease the burden of monitoring and management on their IT team.

3. Monitor and educate your employees

The most evident challenge of 2020 was the transition into home offices from the traditional corporate workplace. IT teams were thrown into a maelstrom of consumer technology trying to connect to central corporate networks. Whether an employee’s Wi-Fi router or their personal laptop, the huge number of new devices introduced posed varying security risks.

This challenge is only going to continue into 2021. With the UK still under lockdown, a year in which we all work from home to a greater or lesser is easy to envisage. The security threats will have to be managed.

The approach many businesses take to this challenge adds to the problem. Far too many businesses are over reliant on security policies to keep bad threat actors out of their networks. These are almost never enough by themselves. In fact, our December research found over 50% of UK employees ignore corporate security policies. More must be done.

A lack of user-friendly processes is a common reason security policies aren’t followed. Businesses may recognise the importance of security, but the processes implemented are too difficult for employees to use, creating friction in the user experience. In the end, people find shortcuts in the pursuit of efficiency and ease of use.

A balance must be struck to address this problem. Employees must first be educated on the importance of adhering to security policies, but in turn IT teams must adopt tools and processes that help minimise disruption to the wider business.

These strands of security present their own unique challenges, but the common denominator is often the privileges associated with human and non-human accounts. Criminals know these accounts hold the power to access mission-critical data, systems and apps, and will do anything to get hold of their associated privileges. Taking the steps outlined above should help corporate IT teams make that process a lot harder.

What will gaming look like when it goes into the...

James Ponter • 08th July 2022

One of the biggest hurdles in cloud gaming is the reluctance of ‘gamers’ to adopt the system, but developers and tech giants aren’t slowing down their move to the cloud. So, what is cloud gaming? How can we expect the landscape to look in a few years? And most importantly, what are the limitations? By...

The cost of living crisis.

TBT Newsroom • 29th June 2022

What Communication Service Providers can do to help their customers cope with the cost-of-living crisis. We’re all familiar with the rip roaring marketing slogans of our U.K. Communication Service Providers – ‘together we can’, ‘The future is bright’, ‘It’s all about you’…but sadly, these no longer appear to ring true for the millions of consumers...

Thriving In The 5G Era.

TBT Newsroom • 26th June 2022

As consumer demand rises, and network availability expands, 5G is becoming more viable for widespread use — by 2027 it’s expected to cover 75 per cent of the world’s population. However, it’s still no secret that 5G uptake is dawdling and many enterprises still aren’t enjoying its benefits.

Why Low-Latency Is So Important.

TBT Newsroom • 23rd June 2022

Consumer interest in 5G technology has been fueled by the arrival of glamorous, speedy handsets such as Apple’s iPhone 12, with 5G networks now rolled out to many towns and cities across the country.