The rapid transition to telework due to the COVID-19 outbreak caused many government information technology managers to rethink how to secure agency networks.
As we approach National Cybersecurity Awareness Month (NCSAM) 2020 this October, now more than ever, government agencies and businesses must be able to identify, monitor, and manage all people, applications, and devices that access their resources.
Before workers had a chance to adjust to working remotely, cyber attackers were on the prowl looking for security lapses they could exploit to access government and corporate networks. Hacker groups moved swiftly to launch coronavirus-related phishing scams to steal user credentials, according to a joint alert issued in April by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).
Who and What’s on Your Network?
The number and diversity of devices connecting to public sector networks is growing, making the need to manage endpoint privileges more urgent. Endpoints are no longer just desktops, laptops, and servers, but include smartphones, tablets, wearables, and Internet of Things (IoT) technologies, and other non-traditional devices that may connect to organization systems or the Internet. As more people telework, agencies have also experienced an explosion of employee-owned devices regularly accessing their networks.
BeyondTrust, a leading provider of a comprehensive Privilege Access Management (PAM) platform—which consists of secure remote access, endpoint privilege management, and privileged credential management solutions—helps agencies see and control what’s on their network, what is connected to their network, and what devices and identities are accessing resources on their network. This level of visibility is crucial for agencies to effectively monitor, defend, and rapidly respond to cyber incidents.
Moreover, as more people and devices connect to networks, IT and cybersecurity teams need to eliminate unnecessary privileges and ensure users or devices have access only to applications or systems needed to complete a task or function, and nothing more. This concept of “least privilege” is recognized as one of the most fundamental security IT strategies. However, many agencies have lagged in fully implementing it across endpoints. By enforcing least privilege, agencies can dramatically reduce the threat surface against both internal and external attacks, while allowing employees just enough access to remain productive.
“If You Connect It, Protect It.”
Secure remote access and endpoint privilege management align with this year’s Cybersecurity Awareness Month Theme: Do Your Part. #BeCyberSmart. The goal is to empower individuals and organizations to own their role in protecting their part of cyberspace, with a key focus on the message for this year: “If You Connect It, Protect It.”
Agencies can do their part by implementing the tools and policies that ensure the right person (or device) is accessing the right information at the right time for the right reason. Remote workers must be better educated about cyber risks, such as phishing scams and malware and . ensure their laptops and smartphones have the latest antivirus and malware protection, strong passwords, and encryption for sensitive information.
Telework will be a fixture across the public and commercial sectors long after the COVID-19 outbreak subsides. Therefore, managing identities, credentials, and privileges must be an integral part of an agency’s cybersecurity strategy, ensuring that any person or device connected to the network is protected. It’s a message that must resonate across government agencies.
Yes& is working with BeyondTrust Public Sector to refine that message for federal, state, and local government agencies. BeyondTrust has been on the forefront of helping organizations secure remote access connections and manage user identities and privileges for many years--even more so over the past six months.
By working with BeyondTrust to develop thought leadership articles, blogs, and content, Yes& is helping the company support government IT and cybersecurity teams’ efforts to protect their agencies and workforce from cyber attacks.