SecuringPeopleB Y C O R E T O C L O U D

Welcome to stage three of our series ofebooks, designed to support you duringunprecedented times. We understand howimportant it is for you to protect your stafffrom the dangers of the outside world -afterall, that’s why you’ve enabled yourstaff to work from home.

Where we come in is facilitating thesupport they need now they’re safelyworking remotely. We have always had apassion for Cyber Security and helpingorganisations stay one step ahead of thebad guys. With a plethora of knowledge and supportright at our fingertips, we’d like to shareour resources with you - we hope you findit useful! As always, we’re available to discuss yourconcerns at any time. We might be takingyour call from our kitchen table… but we’restill operating at full-steam-ahead!

Welcome1.

Get in touch

W e l c o m e I n t r o d u c t i o n

Securing Mobiles

Securing data and who

has access

Security awareness

training

Core to Cloud Favourites 

W e l c o m e I n t r o d u c t i o n

As chosen by us and our customers

2. Securing People

S e c u r i n g P e o p l e

Gartner predicts that 80% of worker tasks will takeplace on a mobile device by 2020." -Gartner, "Preparefor Unified Endpoint Management to Displace MDM andCMT" June 2018 Recognising that our COVID-19 response has reinforcedthe reality that we are living in a perimeter-less world,with employees working from home across the worldas we continue with social distancing practices. It is keythat as employers, we are protecting our people bysecuring their phones with the same rigour that weapply to protecting laptops and desktops. This allows our employees the freedom to accesscorporate email and applications on their phones with ahigh degree of confidence that by doing this you’re notexposing your data, IP and networks to maliciousthreats.

LookoutSecuring data in the post-perimeter world requiresorganisations to move critical security capabilities toendpoints (i.e. your smartphone, laptop or tablet).Lookout are the industry leaders when it comes toprotecting the endpoints we use most. From phishing threats to content protection, Lookoutlets you know when you’re taking risky moves on yourdevice. It blocks suspicious activity and prevents youfrom clicking that link in a phishing email, text or directmessage. By moving security to the endpoint, you can rely onyour device to keep your data safe, with less relianceon data protection systems themselves.

S e c u r i n g P e o p l e

However, it remains a sad fact that human erroraccounts for many of the cyber attacks and breacheswe see today. Whether that’s insecure passwords,accessing the system from insecure networks or simplyclicking on an unassuming link in what appears to be alegitimate work email - the threats are out thereand easy to stumble upon. Approaching this issue is a difficult one - training in thisarea is often treated as a ‘tick-box’ exercise, with littlepsychological research into human behaviour. In light ofthe Covid-19 pandemic, many companies have had toreadily assess and bolster their security posture. In aperimeterless world where we can’t have all ouremployees in front of us, how do we protect them? Across the world, we are seeing a significant rise inmalware and phishing attacks as criminals exploit thevulnerabilities of millions of people dealing withunprecedented changes of their way of life, as well ashastily rolled out new ways of working from home toenable businesses to continue. Not only do we need to ensure that the right technicalcontrols are in place to prevent, alert and remediateagainst these attacks, we also need to take care of ourpeople and ensure we’re continuously training them torecognise and respond to security threats, and a keypart of our defence against phishing and malware. S e c u r i n g P e o p l e

3.As we mentioned earlier, training is often viewedas a ‘tick-box’ endeavour… a simple deliverable tokeep auditors off our backs. But in light of thecurrent increase in cyber-crime, it’s clear that ourprevious mode of educating and motivating ourstaff around cyber security is not working. Why? Because cyber security training hasn’tchanged. In an industry that constantly innovatesand reinvents itself, why has our training stayedthe same? Most employees simply want to getback to work, doing what they do best - so howcan we facilitate that with training?

Training ThatUnderstands People

T r a i n i n g t h a t u n d e r s t a n d s p e o p l e

CybsafeCybsafe’s Security Awareness Training is different- thank goodness! Using the latest in AI andlearning technology, Cybsafe delivers a tailoredexperience, picking up on how you like to learn. Their training is also based on the premise thatyou can’t protect what you can’t see. Therefore,Cybsafe is designed to give you metrics,measurements, indicators and insights aboutwhere you can improve. You can also measureemployees behaviour, training and how confidentthey feel about what they’ve learned - a metricthat has never before been deemed necessary.Using behavioural science, Cybsafe createsenvironments where employees knowledge canbe tested via simulated attacks - testingresponsiveness and ability to neutralise a threat.It’s a truly exceptional solution for a very modern-day problem. What’s more it’s GCHQaccredited! Cyber-security training, that’s done well, can beutterly transformative. Even back in 2011, a studydiscovered that between 26% and 45% ofemployees were susceptible to phishing emails.Implementation of security awareness trainingreduced employees susceptibility by 75%! In 2020, a time when phishing attacks are farmore effective and malicious - imagine thepositive impact proper training could have... T r a i n i n g t h a t u n d e r s t a n d s p e o p l e

4. Security ThatUnderstands Data

Control privileged activities and delegate administrativeaccess safely. Manage and secure Active Directory – the mechanismthat supplies access to all your data.Reduce data access and permissions to appropriatelevels.

StealthbitsWe want to secure our people, because that in turnsecures our data. The crossover here is the ActiveDirectory. If the directory is exposed, so is the entiresystem and all its processes. In order to protect thedirectory, we need to:

As we said, people are (sadly) often the issue. Bymonitoring and reducing access to the Active Directory,we’re reducing access to the critical data that needssecuring. Stealthbits is the only cybersecurity solutions providerthat focuses on not only protecting an organisation'sdata, but the credentials that supply access to itthrough the Active Directory.

S e c u r i t y t h a t u n d e r s t a n d s d a t a

To make it even more intuitive, Stealthbits complimentsother industry leading services you may be using,quickly bolstering the solutions you already have inplace. Stealthbits’ Data Access Governance solutiondiscovers where your data lives and then classifies,monitors, and remediates the conditions that makemanaging data access so difficult in the first place. Theresult is effective governance that promotes security,compliance, and operational efficiency. When we talk about securing people, we’re reallytalking about risk management. It’s easy to see howbusinesses in haste to move their workers online, mighthave left doors open for malicious players to takeadvantage. Human error and poor configuration are often thereason for significant data breaches that could’ve beenavoided. GDPR still exists, even during a globalpandemic. Our best possible defense in theseunprecedented times, and for the digital revolutionthat’ll likely follow, is to secure and reduce access todata wherever possible.

S e c u r i t y t h a t u n d e r s t a n d s d a t a

5.What’s next?

W h a t ' s n e x t ?

If you’d like to know more about the vendors andsolutions mentioned in this ebook, head to our blog. To discover more about securing endpoints andeven cloud applications, why not take a look at thefirst two ebooks in this series. You can accessthem, here. Sophie will be on hand to help at any time with anyquestions or queries you may have. Please don'thesitate to get in touch, we are here to help. Pleasefeel free to contact her on:sophie@coretocloud.co.uk or 07557 449471. In stage 4 we will be discussing securing yourassets and communications - stay tuned!