Securely enabling business in the age of “work from anywhere”
Over the past few months, I’ve shared a series of blogs noting best practices for business resilience. We’ve discussed how our developer tools – including the DevNet Automation Exchange and Cisco Modeling Labs – can help improve connectivity. And how widgets and APIs can improve the customer experience in a remote work environment.
Earlier this year, I had a conversation with Bailey Szeto, VP of Cisco IT, on best practices for business resilience, and I received feedback that it was helpful to our customers. So, I wanted to keep the conversation going and talk about security. In this post, I want to share with you a recent conversation I had with Cisco’s Chief Information Security Officer, Mike Hanley. I wanted to learn more about best practices for security and business resiliency in a “work from anywhere” world.
Key changes to our security landscape
The global pandemic impacting our world is highlighting the increased need for thoughtful security practices and security education to enable security at scale. Over the past few months, things have shifted quite dramatically. Before COVID hit, most of us worked from an office. The exception was the remote worker in the coffee shop, at the local bookstore, or working from home. Now, the exception is the rule. With a predominately remote and mobile workforce, basic security principles become paramount. For example, Mike says that within our Cisco Chief Information Security office, it’s critical that we have:
- Strong authentication
- Secure network transit with or without a VPN
- Devices that meet standards for what we consider trustworthy
- Employees and IT teams who are educated and alert to security risks
Security education is critical
Education is critical so that all employees understand the role they play in helping to mitigate security risks. Easy-to-understand instructions about what to watch out for, and what to do if a security incident occurs, can go a long way to mitigating risks.
According to Mike, COVID opens more doors for opportunistic attacks by bad actors. Malicious actors are using phishing, clickbait and other methods to exploit cybersecurity vulnerabilities and deploy alluring messages that we otherwise might ignore. Cautioning employees on the types of things to look out for can help mitigate the risk associated with these types of attacks.
The three-step framework for security
Mike shared the three-step framework that we use at Cisco for keeping the business secure:
- Understand your business and empathize with business stakeholders. It’s important to have good communication channels across your organization so that you understand the full security risks. Know where your data is, and ways you can help the business prioritize how risk is allocated. By leading with empathy, you have an understanding of the needs of your stakeholders, and can help keep your business running at speed and securely.
- Deputize your people as your best defense. It’s vital that everyone in an organization understands the role they play in security for the enterprise. It’s about deputizing people as extended members of the security team, and creating a mindset in which everyone has responsibility and ownership to keep the business secure. What should they do when something seems suspicious? How should they onboard a third-party SaaS vendor? These questions denote just a small sampling of the types of things employees should understand with ease. Rewarding and recognizing good behavior is an inexpensive way to keep security risk at bay.
- Focus on the basics. Mike expressed that it’s easy to become entranced with the cool technologies being developed in the security space. But without a strategy, or without implementing basic, foundational security principles, no amount of technology will help. Security is like a hierarchy of needs: start towards the bottom of the pyramid with the basics and work your way up.
Resources and tools to keep you safe
To learn more about how you can secure your business and create business resiliency through the pandemic, visit trust.cisco.com. There you’ll find more best practices and resources to keep your business and your family safe:
- Remote Work: Keeping it Secure – How Cisco scales our secure remote workforce.
- Top 10 Questions to Ask About Today’s Video Conferencing Solutions – the right solutions should be easy to use, intelligent, scalable, and most of all, secure.
- Keeping You Connected During the COVID-19 Crisis – providing solutions, tips, technology, and resources to help our community during this challenging time.
- Keeping Your Stay-at-Home Family Cyber Safe – to provide the resources that can help you stay safe online while working at home.
Security requires continuous learning
Best practices in security require continuous learning. The IT and threat landscapes are continuously evolving – accelerating, intensifying, and becoming more complex. Make sure your IT team is prepared to protect against, detect, and defend against security threats to your network and mitigate risk where possible. Consider who you’re hiring and the skills they have, and consistently upskill those already on your team. Professionals with Security and CyberOps certifications are in high demand. And even those who have been certified need to stay up to date.
By working smart and staying informed about security, your organization will be more resilient – for now and for what’s next.
- Visit the DevNet Security Dev Center to learn how open APIs and integration points support third-party integrations.
- Learn how to become a Cisco Certified DevNet Specialist for Security Automation and Programmability.