hand-in-hand if implemented properly – if leaders understand it
takes a multipronged, collaborative approach to ensure all bases
are covered. There isn’t just one path forward – the best approach
to risk management covers five pillars of enterprise security. These
are: identity and access; network security; application security;
data security; and monitoring and response.
The bottom line is that while risk can never be eliminated completely,
it can be mitigated to put IT departments, employees and
C-suite executives at ease. Here are some basic components to
mitigating cyber threats, highlighting where companies are most
vulnerable and how they can close the gaps.
BEYOND STRONG PASSWORDS: PROTECTING ACCESS AND IDENTITY
A single username and password combination won’t cut it when
it comes to preventing unauthorized access to apps, data and networks,
especially in a time when hackers can compromise security
measures such as database encryption. What can companies do?
The first tactic is two-factor authentication before logging into
a system or a network. Authentication is based around something
the user knows and something the user has (consider withdrawing
from an ATM, which requires both a code and a card). When
implemented, two-factor authentication provides a secondary level
of security, and if the primary password is compromised, there is
still a safeguard against impersonation. Companies can also implement
“the principle of least privilege,” where users are authorized
for access to the apps, desktop and data that are needed to complete
their work – with rights reduced once no longer required.
Finally, IT can control access based on the user’s context – for example,
device, location, user or action. This way, admins can customize
access based on security policies, and users can work on any device.
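
The three tactics above (a second factor, least privilege with rights that lapse, and context-based access) can be combined into one deny-by-default decision. The sketch below is an added example, not part of the original article; every name, the trusted locations, the sensitive actions and the sample grants are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:                      # least privilege: narrow scope plus an expiry
    user: str
    resource: str
    actions: frozenset
    expires: datetime

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    second_factor_ok: bool        # outcome of the "something the user has" check
    device_managed: bool          # context: device
    location: str                 # context: location

# Assumed policy values, constructed for this example.
TRUSTED_LOCATIONS = {"office", "vpn"}
SENSITIVE_ACTIONS = {"export", "delete"}
UTC = timezone.utc
NOW = datetime(2017, 12, 1, tzinfo=UTC)
GRANTS = [
    Grant("alice", "payroll", frozenset({"read", "export"}), datetime(2018, 1, 1, tzinfo=UTC)),
    Grant("bob", "payroll", frozenset({"read"}), datetime(2017, 11, 1, tzinfo=UTC)),  # lapsed
]

def decide(req, grants=GRANTS, now=NOW):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if not req.second_factor_ok:
        return False, "second factor missing"
    live = [g for g in grants
            if g.user == req.user and g.resource == req.resource and now < g.expires]
    if not any(req.action in g.actions for g in live):
        return False, "no current grant covers this action"
    trusted = req.device_managed and req.location in TRUSTED_LOCATIONS
    if req.action in SENSITIVE_ACTIONS and not trusted:
        return False, "sensitive action requires trusted device and location"
    return True, "ok"

if __name__ == "__main__":
    for r in (Request("alice", "payroll", "read", True, False, "cafe"),
              Request("alice", "payroll", "export", True, False, "cafe"),
              Request("bob", "payroll", "read", True, True, "office")):
        print(r.user, r.action, r.location, "->", decide(r))
```

Reading stays available from any device, while the sensitive export is held to a managed device in a trusted location, and a lapsed grant denies access without anyone having to remember to revoke it.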
NETWORK ACCESS: GUARDING THE CORPORATE FABRIC
The network is the fabric that holds the company’s IT together
and an error by one employee can take down an entire company’s
network. With more third parties accessing networks (such as
contractors, vendors and partners), ensuring security best practices
are in place is more important than ever.
There are a couple of steps to protecting a network. The first is providing
encrypted delivery of apps and desktops to employees and
third parties – whether they’re in the office or on the go. IT can
also use segmentation – which means defining specific “security
zones” that can minimize unwanted access to sensitive data, with
firewalls and gateways to restrict access.
APP SECURITY: MAKING CONVENIENCE SECURE
Protecting a company’s mobile productivity apps – which can
be email, calendar or contacts – can be complex, especially when
they are used across various platforms. When using mobile devices,
companies put themselves at risk of attacks and leaks
when data is stored on consumer cloud storage, social networks
32 ❚ DECEMBER 2017 ❚ HR PROFESSIONAL