Five information security rules for the new world

07 December 2020

Andrew Todd

Named one of Australia’s top technology leaders in the CIO50 for the past two years, Andrew is Iress’ CTO, responsible for software development, delivery and architecture, and information security governance.

It’s been a unique and challenging year. We’ve all adapted to working from home and using digital tools to help us stay productive and connected. This has been, for the most part, a very positive experience. But it’s critical that advice firms stay alert to the increased information security threats.

Iress’ chief technology officer, Andrew Todd, has put together some top tips to help you, and your employees, stay cybersafe while working from home.

1. Keep home and work separate

The home or remote working environment simply isn’t as secure as a managed workplace and we should all view our home/work environment differently.

Where possible, your team should continue to use work-provided equipment. If it isn’t possible, they’ll need support and guidance in how to set up and manage their computer and WiFi more securely, configure virus scanning and endpoint protection software, as well as help keeping installed software updated with the latest patches.

2. Use a password management tool

We’re all using more software and systems, and that means more passwords. Over 50% of people admit to using the same password for multiple accounts – including home and work – and that’s a significant security risk. If an attacker can steal credentials and gain access to one account, it opens a pathway to accessing every other account that uses the same password.

Password management tools ‘remember’ your login credentials, can help you create strong passwords, and provide a secure place to store them across devices, reducing the need to ‘send’ passwords or other sensitive data across the Internet.

3. Choose multi-factor authentication every time

The use of multi-factor authentication (MFA), where users have to present multiple forms of verification to gain access to a system, is increasing.

Often users don’t select these options because of the perceived inconvenience they bring. Still, that inconvenience is insignificant compared with what happens in a data loss or ransomware event.

If you’re still using Two-Factor Authentication (2FA), you should look to implement or enhance your systems to take advantage of MFA. Using MFA best practice for accessing systems is one of the simplest things you can do to improve data security.

4. Think cloud-first and cloud-native

Choosing technology involves trade-offs, but security and data protection should never be one of them. As businesses move forward with their strategic investments and look to support remote working longer term, consideration must be given to how new technology is selected and implemented. The approach should, by default, favour cloud-first and cloud-native strategies, which were developed to operate over the Internet with security as a primary consideration, over ‘installed’ software.

5. Trust no-one

People are still the primary risk factor for data loss or an information security breach, so make sure your team is well versed and up to date on security training and education, particularly when it comes to risks around fraud and social engineering. In particular, it’s critical to reinforce the care required around unknown emails and fake emails or websites.
