Adjusting to current cyber security threats: Threat focus must change

Pete Hoff
  • 7 min read

This segment is the third in a series focused on adjusting the security controls of your business after COVID. This piece addresses staying vigilant and aware of current threats in a post-COVID world. Many organizations have begun shifting their workforce back into the office and reducing the remote worker risks. However, this appears to be moving slowly due to a variety of factors and preferences. Regardless of the reasons why the threat landscape appears to be changing.  

Read Part 1 and Part 2 of this three-part series.

Building effective security focus for today’s workforce 

In the first segment, we discussed identifying your risks based on what tools and processes your organization utilizes. This is where the rubber hits the road so to speak. If your organization uses cloud-based tools from Google Workspace like Gmail, Drive, and Chat, you have a number of ways to ensure visibility into the threats at your doorstep. 

Wursta’s most effective security recommendations:

Turn on EVERY security capability that is FREE and does not significantly impact your business. This is very simple, yet many times you may hear excuses from support personnel or employees that may have suffered productivity loss in the past due to security processes. 

My advice is simple: review the negative rhetoric very carefully. Never disable a security control when it will only impact a small number of your employees. If your organization happens to have a handful of employees who consistently contact your helpdesk, you may want to focus on training to help them understand the risks.  Our experience is that it’s not worth putting your entire business reputation and security at risk for these few individuals. 

The top five security controls you should be using

Reducing the threats begins with enforcing security controls. Here is a shortlist of actions nearly every business should strongly consider, and most are free with Google Workspace. This is intended to be a quick list to give the reader some focus.

  1. Enforce Multi-Factor Authentication or 2-Step Verification for ALL users.
  2. Require all Admins to have two accounts; one for email and web use, and a second for administrative activities only. If an administrative privileged account becomes compromised or encounters malware, the impacts can be catastrophic.
  3. Limit external sharing of files to specific groups of users. External sharing is one of the riskiest activities when left to all employees.
  4. Turn on all email security capabilities. In Google Workspace there is malware protection, sandboxing of files, SPF, DKIM, DMARC, and email encryption capabilities, in addition to phishing protection.  
  5. Implement an Endpoint Detection and Response (EDR) solution on your desktops, laptops, and tablets. Google has partnered with CrowdStrike, an industry leader in security detection and response spaces as an example.

As I mentioned earlier, this is just a short list; it’s not exhaustive. There are many other security controls that should be enabled. However, this is how a business can begin to mature its cyber security program. Start by looking at your Admin console for what is available. 

For Admin console expertise, contact Wursta. We’d be happy to help

Awareness of threats: turn on security alerting

As soon as practical, enable security alerts from any system that can provide them. Alerts are important in order to stay vigilant of the current threats attacking your users or business. 

Within the Google Cloud arena, there are many alerts available through the Security Dashboard and also through custom alerts. Some alerts can be technical and may require some research. Spend a little time looking at the alerts and what they mean to understand why they are available and how to respond. 

Some of the most impactful alerts include the following:

  1. Suspicious logins are the single largest threat to most organizations. Even if you have enabled 2-Step Verification, there are some situations that are serious concerns and can alert you to stolen passwords.
  2. Suspicious events on endpoints such as malware or possible compromise.
  3. Security health of the organization’s devices including laptops and tablets. Ensure your devices’ security updates are regularly applied and security policies are enabled.
  4. Email-related alerts such as phishing. While Gmail stops 99.9% of phishing attacks when customers turn on all Gmail security solutions, there are always new attacks that may sneak through.
  5. Phishing your employees and understanding their response to phishing emails is also a very useful report and metric. While this is not an alert, it’s helpful to management when understanding employees’ capability to spot threats.

The above-mentioned alerts are also very helpful when providing senior management or your board of directors with metrics regarding your organization’s security health.

One last note about security alerts: always assign someone the responsibility to review the alerts and create regular (at least monthly) Metrics Reports. This ensures your organization can take action on the alerts you find. 

Security is always evolving; stay tuned to cyber incidents and threats 

As we know, cyber incidents are constantly changing and becoming more complex. Stay ahead of threats and trends by monitoring news from large organizations like Google Security Blog, Crowdstrike Security Reports, or other RSS News Feeds. A listing of current cyber security news feeds can be found here.

With a little bit of planning, small steps can be made to significantly reduce the risks of your business. For more information about how to continue this process with in-depth and highly effective cyber control, let’s connect