Cybersecurity, Policies and Training

Complacency in Cybersecurity: Why Protecting Your Business is Crucial Now More Than Ever

We see news of data breaches and the need for cybersecurity almost every day. In fact, 2019 is on track to be the worst year ever for data breaches, with more breaches in the first six months than the entire previous year.

Remote worker having Skype meeting

fizkes / Shutterstock.com

Tech giants like Facebook and Google have not been immune. Cities like Baltimore and other local municipalities have been shut down from ransomware. Even financial institutions like Capital One know the pain all too well. Still, for many people the news of security breaches goes in one ear and out the other — we just skip to the next headline. We’re becoming immune to this reality, and that’s where it gets dangerous as a business leader.

Cyber criminals are getting craftier, and the amount of compromised data is increasing rapidly. Despite all this, most companies are completely unprepared for these types of data breaches, which pose a daily threat. Now is not the time to get complacent. Simply hoping an attack doesn’t happen to your company is not enough. It’s crucial for businesses to be proactive about cybersecurity, and put protective measures in place before disaster strikes.

A Virtual Private Network (VPN) is one of the most important tools to keep organizations protected from data breaches and should be considered a first line of defense to a well-rounded security protocol. While there are some that say VPN is dead, I disagree — and here’s why.

1. Employees Need Remote Access

In a recent study, iPass found that 52% of CIOs suspected their mobile workers had been hacked in the last 12 months. The dramatic shift across enterprise IT structure, thanks to factors like the need to connect workforces to applications in the public and private cloud, personal mobile device use, and the internet of things, has increased the need for secure remote access and integrating VPNs into software defined networks. International Data Corporation (IDC) predicts mobile workforces to hit 105 million by 2020, which will only amplify the importance of VPNs. This means a stronger focus on the end point device, which particularly needs to access data securely from remote locations such as Wi-Fi hotspots.

2. Businesses Need Access Control

Who gets access to what? That’s the fundamental question when it comes to access control. Without proper access control, the right people might not have enough access to get their jobs done…or the wrong people might have access to too much. To provide authorized access to the right person, the identity of the person or device must first be established through the use of authentication protocols, security certificates, 2-factor authentication, token authentication, etc. To determine if the device requesting access is itself not infected, tools like device management technologies and endpoint security solutions can be incredibly useful. Access control policies can then be enforced once the identity of the person and validity of the endpoint has been established. It’s important to trust your employees, both in the office and remote — but verifying and controlling who has access to sensitive company data gives business leaders peace of mind, and protects against human error.

3. Cybersecurity is More Essential Than Ever

If any of your company’s services or tools connect to the Internet, you’re leaving the door open for hackers to access your company data, and even upload malware to your network. That puts your entire business at risk if you don’t create security safeguards to ensure these tools are blocked from bad actors. With advances in technology, it is now possible to encrypt data traffic and tunnel it over the Internet to a server located in a private network. This secure tunnel creates a virtual link that extends the private network over a public network. That kind of network is called a VPN. Using an enterprise VPN allows you to conduct and establish secure communications — and prevent attacks that seek to alter or steal sensitive business data.

Finding The Right Solution

Whether you operate a large enterprise with multiple locations, or manage a small team of freelancers stationed across the globe — a VPN is a must-have to ensure that employees are authenticated and authorized to access your business data.

The right VPN solution for you should:

  • Support authentication protocols compatible with those used in your enterprise. For example, if you use Microsoft Active Directory, the VPN solution should support LDAP.
  • Support Multi-factor authentication, such as Google Authenticator.
  • Have the ability to set up fine-grained access controls at user and group levels.
  • Provide transparency by making use of open source security software that is open to scrutiny.
  • Be hardened and allow operation at scale with high redundancy and load distribution accounted for.
  • Have a VPN server that is built to run as a software service, easy to manage, and available for setup as a virtual appliance and in IaaS marketplaces.
  • Have an economical licensing model based on the number of VPN connections needed, instead of per user or per device.
  • Support both site-to-site and remote access virtual networking.
  • Have VPN clients available for mobile and desktop operating systems.

Realizing the ease and ROI, hackers are constantly looking for new ways to target email, cloud storage, financial accounts, and more. Companies must prioritize their cybersecurity footprint, and develop the right policies and protocols — before their business pays the price.

alt link text Francis Dinha is the founder and CEO of OpenVPN, a provider of next-generation secure and scalable communication services. With over 60 million downloads since 2002, OpenVPN’s award-winning open source VPN protocol has established itself as the de facto standard in the networking space.

Before he founded OpenVPN, Francis was the CEO at Iraq Development and Investment Projects where he played a principal role in architecting a joint venture to win the mobile communication license in Iraq. He has served as an architect and broadband system engineer at Ericsson, where he worked both in the U.S. and Sweden. Francis was also the founder and CTO of PacketStream, a company whose patented technology enabled dynamic Quality of Service provisioning of IP networks. Francis has a Master of Science in computer engineering from the University of Linkoping in Sweden.

You can find Francis Dinha on LinkedIn and Twitter.