Hackers and cyber-criminals are always on the look for new methods of entry, one of which is below the PC operating system. Low-level attacks often take advantage of weak system configurations and firmware vulnerabilities. While many of these attacks may not be as sensational as ransomware, they can be even more devastating.
Considering these threats and that organizations’ security parameter is expanding beyond the traditional four walls into their employees’ homes, here are five fundamentals one should keep in mind from a cybersecurity perspective:
- Protect devices above and below the operating system (OS) – In addition to having modern solutions in place to prevent unknown threats and respond quickly and efficiently to attacks across the endpoint, network and cloud, you must also choose devices that have protection and detection capabilities below the OS at the PC BIOS level, where we’re seeing a significant rise of attacks. The PC BIOS lives deep inside the PC and controls core functions like booting the PC. Often when the PC BIOS is compromised, the attacker remains hidden while the PC has credentialed access to the network and data.
- Ensure the physical security of a device and its data – The physical protection of a device is just as important as the cybersecurity deployed on and within the device. If you are using public spaces to work, remember to use a privacy shield so your data is protected from prying eyes. Also, enabling chassis intrusion detection tools will notify the user and send an alert to the system administrator if any physical tampering of the device takes place.
- Move to a password-plus strategy – Enhance passwords with biometrics, implement multifactor authentication and utilize digital certificates for stronger protection. Cost and complexity barriers are breaking down, making biometrics like fingerprint and facial recognition, easier to adopt. Also consider using password managers to create strong, complex and unique passwords which are then stored in a secure repository.
- Train employees routinely on smart security practices –This is especially important with many working from a home environment. Implement a security training program and include regular tests like sending test phishing emails to keep employees skills sharpened. And don’t forget, security training is equally important for security practitioners and IT managers as it is for any other employee.
- Make room for usability and protection to co-exist. Even if you have the best security tools, if they’re hard to use or hinder productivity, they will be ignored or defeated by your employees, leaving your organization at risk. Successful security solutions must be easy to deploy, easy to maintain and easy to use.
