General enquiries :
+44 (0)20 7602 6000

Secure home working with CACI Part 2: Three more key questions to ask your technology team

Tuesday 1 December 2020 Cyber Security

Jason Giddens's picture
By Jason Giddens

Every team faced new challenges during COVID-19 disruption, but your technology team might also have faced the monumental task of transitioning everyone in the company to home working. It’s impressive how quickly everyone adapted – but as we explored in the first blog post of this series, that speed has left many companies with some worrying gaps in their security profiles.

Now the dust has settled, and employees are into the rhythm of remote working, it’s time for technology teams to take a step back and assess their security measures. To keep your teams and data sets safe, your technology team should be regularly backing up your data, managing user privileges, and updating your security patches and signatures. If these key maintenance processes are ignored, it could put your entire company at risk.

To help put your mind at rest, we’ve gathered some key security questions you can ask your technology team to ensure they’re keeping your company safe.

Question #1: How often are you auditing user permissions?

While setting teams up for remote working, it’s likely your technology team needed to grant new users access to various applications and storage locations. But now that remote working has become a new normal, it’s important to go back and regularly audit who has access to specific data sets.

And it’s not just about setting the right privileges. It’s also about actively monitoring when certain documents are being accessed. If your company experienced a data breach, it would be difficult to track down the source that caused it without accurate records in place. These logs and ledgers should be managed by your IT administrators, and analysed often to check that important data isn’t being accessed by the wrong users.

Luckily, these steps aren’t difficult. Most cloud storage providers and security solutions offer easy-to-use tools for tracking user privileges and data access reports, and even enable IT administrators to set up alerts for any suspicious activity. But it’s still important to make regular audits and remove permissions when they’re no longer needed – especially at a time when it’s difficult to determine who has access to your employees’ devices.

Question #2: Is our data backed up – and can we recover it when we need to?

Storing your data on a cloud service isn’t a case of uploading and forgetting about it. Instead, you need to make sure you understand your responsibilities for backing up and protecting your data.

All cloud providers follow the “shared responsibility model”, which dictates which party has responsibility for specific security measures:

  • As a customer: you’re responsible for everything in the cloud – including your data, the firewalls you use to protect it, and the users you grant access to.
  • As a cloud provider: they’re responsible for the security of the cloud – including the compute, storage, and networking capabilities.

This distinction means that if an important data set goes missing, it’s not likely you’ll be able to hold your cloud provider accountable. So, whether you use native capabilities built into your cloud platform or create a physical data backup location for critical data sets, it’s important you have a strong replication strategy in place to protect yourself against permanent data loss.

Question #3: Are our security signatures and patches up to date?

Everyone knows how frustrating updates can be – they take valuable time from the working day, reduce productivity, and are often prompted when it’s inconvenient for the user. And due to these frustrations, many employees don’t keep their devices regularly updated with the latest security patches. But sometimes, a small compromise in productivity can save the stress and cost of a major data breach.

If patches and updates are ignored, it can create some major gaps in your security profile. In fact, in last year’s Security Boulevard report, it was revealed that 60% of data breaches were linked to a vulnerability where a patch was available, but not applied.

It’s down to your technology team to make sure all patches and security signatures are being kept up to date across your entire team. That means making mandatory, scheduled update bookings – ideally out of working hours – and maintaining a clear visibility of every employee device on your network. And the same process should be made for your cloud platforms too, ensuring you’re effectively protecting your data where it resides.

Protect your data during the remote working period

There’s a lot to think about when it comes to data protection, and it can quickly become overwhelming if you haven’t got a clear strategy in place. But don’t worry; we’re here to help.

We’ve created a short, one-page checklist that covers the key points you need to think about when assessing your security profile. You can get the checklist here, to ensure you’re keeping your data – and your employees – secure when they’re working remotely.

And if you missed the first blog post in our series, take a look to find out how you can strengthen your data management strategy.

Part 2 of our series on secure home working. Jason Giddens from our Digital Solutions team talks through what questions you need to ask yourself to make sure your data is secure when using the public cloud.

Secure home working with CACI Part 2: Three more key questions to ask your technology team