The workplace desktop is a popular target for cybercriminals. But your employees can also become a security risk – sometimes unknowingly, sometimes deliberately. A cloud-based workplace offers the best conditions for effectively bringing both external and internal threats under control.
Hacker attacks against IT systems, phishing through emails, employees’ private USB sticks, shadow IT – the list of potential dangers to IT security in the workplace is long. At the top are hackers who use vulnerabilities to attack companies’ IT systems from outside.
A Long List Of Dangers: The Threats To IT Security In The Workplace
Blackmail And Manipulation Of Software Through Hacker Attacks:
Attackers often use ransomware or spread viruses and worms in company IT that can completely paralyze operations. In the end, companies usually pay a ransom to get their data back and be able to work with their systems again, and the number of unreported cases is high.
The Asus hack recently demonstrated that criminals could also gain access via a manipulated manufacturer software update. An estimated one million computers and laptops were infiltrated with a backdoor.
The Invisible Opponent:
Other attackers obtain more and more access authorizations in a multi-stage attack scenario (Advanced Persistent Threat, APT) and thus get deeper and deeper into the system landscape. In addition to employees’ email accounts, popular gateways are, for example, SCADA and ICS systems, which are responsible for control and monitoring tasks in industry.
Once the cyber gangsters have access, it is child’s play for them to penetrate further and fish for authorizations, passwords, data, and trade secrets – and remain undiscovered for a long time.
In addition to scenarios such as the complex APT attack, which primarily targets technical security gaps, some methods directly target human vulnerability. If an attacker with a falsified identity contacts an employee by email, he can lead the employee to a phishing website or even smuggle in Trojans and other malware hidden in a PDF attachment.
Or the attacker tries, in a particularly bold way, to access confidential data by pretending to be the company’s managing director or CEO and, from a seemingly legitimate email address, instructing an accounting employee to provide him with colleagues’ salary and bank details. The chances for the fraudster are good that the employee will carry out the instruction and not question it.
Shadow IT Risk:
According to 28 percent of all employees already use programs that have been installed without authorization or that have not been approved by the employer or the IT manager. It should also be borne in mind that programs often used unnoticed (“in the shadows”), such as TeamViewer and Dropbox, are free for private individuals but cost money in a business environment if employees use them regularly.
Cloud: More Security – And Yet The Fear Of Losing Control
Employees are already ahead of their employers when it comes to the cloud: According to the Citrix survey, 60 percent of employees say they want to work in the cloud. At the same time, there are persistent reservations at the IT management level, especially concerning public cloud offerings. Above all, there are uncertainties regarding data security, data protection, data access, and data distribution. In other words, there is a fear of losing control.
To alleviate these concerns, solutions for everything to do with the cloud workplace, such as tools for managing identities or digital collaboration, contain central mechanisms and measures that significantly reduce the threat potential of both weak points – human and machine. In addition, these security and monitoring tools enable companies to maintain an overview of data, systems, and employees at all times.
How Does The Cloud Create More Protection For Workplace IT?
First, companies need to conduct a threat analysis of their ICT landscape and define the desired security level. There should be no compromises on the security of email, which is an essential gateway for hackers. Attachments and links should always be checked – Office 365, for example, provides appropriate technologies such as scan and filter engines.
Exchange and other standardized services (commodities) are in good hands in a cloud with its central security measures, such as automated updates and patches. Telephony and collaboration tools such as conference systems, SharePoint, OneDrive, and comprehensive unified communications (UC) solutions are also candidates for the cloud.
The recommended security measures include:
- Central rights and identity management.
- The security classification of data.
- Email encryption.
- Major software distribution.
Systems such as data loss prevention are also available to ensure protection against data loss and secure backups. With intrusion detection, data and applications can be protected from intruders such as viruses and worms. With the help of threat intelligence, threat analysis can be carried out in advance of possible attacks.
Last but not least, Microsoft’s Advanced Threat Protection (ATP) offers the possibility to detect anomalies in data traffic and usage and combine automated warnings with direct measures against attackers. For example, ATP can be used to determine whether an employee’s computer has just been infected by unknown malware (anomaly detection).
At the same time, all other computers in the organization are protected, e.g., by deleting the attachment from the Exchange mailboxes (action and containment). This is where the advantages of the cloud come into play, as such protection mechanisms can hardly be implemented in local infrastructure in terms of budget and effort.
Integrate External Cloud Service Providers
The level of security offered by a professional service provider for cloud workplaces can only be achieved by medium-sized companies on their own with a high expenditure of personnel, time, and money. Experience has shown that, with the help of a service provider, a solution can also be found for business-critical individual software and legacy applications that are required for daily work and can only be “cloudified” with great effort.
It is usually advisable to carry out an iterative replacement process in several steps. This can include outsourcing, for example, as part of which all innovations in application modernization are implemented via cloud systems. In addition, hybrid operation with a mixture of cloud and on-premises installations is usually also possible.
A good cloud service provider can also provide comprehensive security mechanisms for all workplace systems and, in particular, help ensure compliance and adherence to data protection regulations such as the General Data Protection Regulation (GDPR). This gives companies the tools they need to obtain workplaces as a service from the cloud securely. They only have to use them.
Top Priority: Convey An Awareness Of Security Issues
Cloud service providers thus ensure the secure transmission and storage of data and offer companies a comprehensive set of security tools. At the same time, companies and employees must do their part to ensure the security of cloud workplaces. It is essential to convey understanding and sensitivity for security issues so that the virtual workplace can be used in the office, in the home office, or on the go without worries.
A central security policy is indispensable here. Companies have to define different protection classes for data and documents and make their employees aware of them. In this way, employees can recognize whether a record set on SharePoint is to be treated confidentially or released for public use.
Security rules should also be defined with a sense of proportion and appropriate to the situation. For example, it is advisable to require two-factor authentication only if a user’s login is classified as potentially risky. This can be the case when the user is abroad, for sensitive applications, or for a specific user group.
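One way to express the risk-based rule above in code, as an added example that is not part of the original article. The home-country list, application names, group names and sample sign-ins are constructed assumptions; a login with unknown location is treated as risky so the policy fails closed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed policy values, constructed for illustration (not from the article).
HOME_COUNTRIES = {"DE"}
SENSITIVE_APPS = {"payroll", "hr-records"}
HIGH_RISK_GROUPS = {"finance", "it-admins"}


@dataclass(frozen=True)
class SignIn:
    user: str
    groups: FrozenSet[str]
    app: str
    country: Optional[str]  # None when the source IP could not be geolocated


def risk_reasons(event: SignIn) -> List[str]:
    """Return every reason this sign-in counts as potentially risky."""
    reasons = []
    if event.country is None:
        reasons.append("location-unknown")  # fail closed on missing data
    elif event.country.upper() not in HOME_COUNTRIES:
        reasons.append("abroad")
    if event.app.lower() in SENSITIVE_APPS:
        reasons.append("sensitive-app")
    if event.groups & HIGH_RISK_GROUPS:
        reasons.append("high-risk-group")
    return reasons


def decide(event: SignIn) -> Tuple[str, List[str]]:
    """Require a second factor only when at least one risk reason applies."""
    reasons = risk_reasons(event)
    return ("require_2fa" if reasons else "password_only", reasons)


# Constructed sample sign-ins.
SAMPLES = [
    SignIn("alice", frozenset({"sales"}), "intranet", "DE"),
    SignIn("bob", frozenset({"sales"}), "intranet", "US"),
    SignIn("carol", frozenset({"finance"}), "Payroll", "DE"),
    SignIn("dave", frozenset({"sales"}), "intranet", None),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.user, *decide(s))
```

Returning the list of reasons alongside the decision lets each step-up prompt be logged with its trigger, which makes it easier to review whether the policy is proportionate.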
If You Don’t Dare To Start, You Won’t Win
Medium-sized companies shouldn’t put entry into the cloud workplace on the back burner. Trust can only be gained by putting the cloud to the test. The cloud cannot offer one hundred percent protection. At the same time, companies can use the cloud to make their own IT much less attractive to burglars.
Companies have secure transmission paths, storage space, and comprehensive protection systems for their data with cloud workstations. Employees can use their desktop workstations anytime and anywhere on all end devices.