Security Awareness with a Remote Team | Kelvin Coleman
Panel overview: An increase in telecommuting
gives cyber criminals more opportunities to exploit unprotected threat vectors . The best-laid security plan can fall apart when individuals are exploited through phishing emails , social engineering, and related efforts. This is why understanding cybersecurity is as important as using cybersecurity. SEE ALSO: Cybersecurity Challenges of Remote Working Key takeaways:
- Passwords are essential, but multi-factor authentication is more important. Think of passwords as keys, and multi-factor authentication as a deadbolt lock.
- Don't put more information online than you have to. Keep it at a bare minimum, especially with personally identifiable information (PII).
- Email phishing social media phishing (like through LinkedIn) is still a top threat that people fall victim to every day.
Third Party Risk Management in a COVID World | Melissa Bendana & Marc Haskelson
Panel overview: This panel explored the
complexities and importance of third-party security in 2020, especially in a COVID-19 world. Key takeaways:
- It can be easy to focus on a computer’s security, but users must consider the security of other, easily accessible technologies too, such as a printer.
- People should consider using a VPN, adding a password to their Internet network, changing the default password on their wifi modem, and adding a guest wifi network for added security.
- Organizations need to not only have a business continuity plan but test it as well.
Transitioning From Legacy Systems to the Cloud for Better Security | Dave Ledoux
Panel overview: An important part of the
healthcare digital transformation is moving from on-premises solutions to the cloud, but sometimes the challenge can seem so large that it’s hard to know where to begin. Key takeaways:
- IT security needs to be a frictionless experience for all, especially the end-user.
- Migrating to the cloud can help a company implement automatic workflows, saving time and effort.
- Nizhoni was in an excellent position to transition to remote work due to the coronavirus pandemic because it had already transitioned to the cloud.
- The company has saved both time and money; phasing out the fax machine alone has saved thousands of dollars a year.
Embracing Zero Trust (When You Aren’t the World’s Largest Internet Company) | James Plouffe
Panel overview: Zero trust is a mobile-centric
security concept that centers around device validation, app authorization, and network verification before a network connection is granted. All of this helps with endpoint security so your organization remains secure from outside attackers while maintaining HIPAA compliance. Key takeaways:
- A zero trust infrastructure is not a fork-lift upgrade; many organizations already have many of the building blocks.
- Organizations must strengthen their authentication practices and complete an inventory of all endpoints and services.
- Reference documents and architectures present some components of zero trust as uniform across the board. However, in practice, many aren’t.
Usable Security: A Human-Centric Approach to Security | Julie Haney & Andrew Hicks
Panel overview: Usable security is the
intersection of cybersecurity, human factors, and human-computer interaction. The idea is to positively influence cybersecurity standards and guidelines while also improving usability, which is why the need for usable security and compliance go hand-in-hand. Key takeaways:
- Security buy-in takes time and effort from the top down (executives to employees).
- Security should drive initiatives with compliance elements weaved in.
- Usability and security need to coexist. Organizations should take the burden of security away from end-users and not expect them to be perfect.