Cybersecurity and the New Hybrid Office
Ten to fifteen years ago, the products and services on the corporate network were well-defined, controlled, and kept secure by the IT department. For the past five years or more, a myriad of AV over IP control systems, appliances, and devices, coupled with Bring Your Own Device, has had IT directors attempting to standardize on devices, software, and platforms to mitigate security risks.
Today, the demands of the new hybrid office, with an increasingly mobile workforce accessing the network and an explosion of video conferencing and other cloud solutions, are placing the enterprise network at greater risk than ever.
Let’s see how companies could mitigate cybersecurity risks in today’s meeting room.
As the hybrid office is becoming the norm, so too are video conference meetings in nearly every workspace. Solutions that enable collaboration must be easy to use and secure.
When employees access content from the enterprise network and use screen sharing via a cloud platform to share with remote participants, they are most often unaware they could be creating a security vulnerability. Whether data is being shared locally or via the cloud, it should be continuously secured and encrypted, and user authentication and authorization should be in place.
But it’s not enough to take precautions to ensure internal data and network security; it’s critical to know that the manufacturers of the devices and cloud solutions being used are also serious about security.
Secure by Design
When manufacturers develop new products, security needs to be considered at the beginning of the process. In the case of embedded devices, it could be impossible to mitigate risk once the product has been deployed because there is a link with the hardware. It’s essential to think about abuse cases and scenarios and mitigate them during design and implementation.
For this reason, some manufacturers are using the ISO/IEC 27001:2013 standard, which covers the full product life cycle. It is in place during the design, implementation, and testing process—defining secure-by-design. The standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.
ISO 27001 is the most comprehensive information security standard, and it addresses:
Organization: Have clear information security objectives been defined in the organization, and is a structured framework in place to report status back to management?
People: How aware is the organization’s staff of their role in preventing and reducing cyber threats—whether handling sensitive data or understanding how to spot phishing emails?
Processes: What roles, documentation, and processes does the organization have in place to mitigate cyber security risks?
Infrastructure: How are IT assets managed? Is access control well-managed by the organization?
Ease of Use and Peace of Mind
It’s important to remember that no matter what system is used, content has to be securely managed. Equally important is having trust that the cloud conferencing platform has the right security controls in place to share content with remote participants.