“Set it and forget it” should not be your approach to cybersecurity
As the world turns to remote working in light of the recent COVID-19 pandemic, cybersecurity is becoming a hot topic. Many businesses were forced to adapt quickly to remote work, without a security plan in place. Other businesses were already set up for remote work, but with an uncertain timeline, some aspects of cybersecurity may not have been updated or may have been forgotten. Most businesses have their IBM Z in place and assume that, since IBM is secure, they have nothing to worry about. Unfortunately, cybersecurity cannot just be “set it and forget it.” It needs to be included in an ongoing IT plan and business strategy, even during a pandemic.
Let’s face it. There are more important issues facing businesses right now: an economic downturn, forced closures, and more. Cybersecurity may be placed on the backburner as other issues arise that are more immediate. But even in a pandemic, there are people waiting to take advantage of companies that are not up-to-date on their cybersecurity, especially as people begin to access their systems from remote work locations. For many businesses, it is not a question of if you’ll face a security breach, but when and how damaging it will be. In order to stay ahead of breaches, a good cybersecurity plan should consider people, infrastructure, and data.
In a 2019 survey, 51 percent of respondents found that it was too difficult to manage passwords and 56 percent would be happy to log in to their online accounts without a password. This causes a problem for businesses that need to secure their data. One aspect of cybersecurity that should never be overlooked is ensuring that your staff understands the importance of it. For businesses that made a rapid transition to remote work, this could mean speaking to your staff about how they can help protect their data and giving them tips. For a more established remote workforce, policies should always be reviewed to ensure that it is meeting the latest standards for cybersecurity.
It is also important to establish entitlements and privileges to employees to limit who can access confidential information. This practice needs to be constantly reviewed to ensure that past employees are removed and current employees can access the appropriate information.
Without the infrastructure in place to support cybersecurity, any efforts to protect your data will not work. Although many consider IBM Z systems to be inherently secure, cybersecurity threats are always evolving. Your infrastructure to stop these threats should evolve with them. Ensure that your system is up-to-date and that anything outdated is removed. As your workforce moves to remote work, cloud security should be a top consideration for keeping your information safe.
Finally, make sure that the data and information stored on your system is up-to date, relevant and easy-to-understand. In a security audit, businesses risk failing if the auditors find irrelevant information—or if they simply cannot understand the information that they do find. Although security audits may not be top of mind for most businesses, it represents an important consideration that should never be ignored. As businesses work on updating infrastructure and policies, they should also consider reviewing the information stored on their IBM Z systems. That way, there are no redundancies and there is more available storage space for current data and information.
Cybersecurity measures should never be established and then forgotten. Businesses should be in the habit of constantly reviewing data, policies, and infrastructure to secure their most important information. With no end in sight for the pandemic, it is especially important to update security practices to reflect this new way of working.