
Top Cyber Gaps in 2021 and How to Avoid Them
The cybersecurity threat landscape is constantly evolving and the coming year is going to be no different. 2021 will be crucial when it comes to how we respond to the past year's upturning and near dismantling of the way we do business. The following areas represent some of the most valuable potential security gaps to address for your business' safety going forward.
Taking Cybersecurity Home
Home networks and the internet of things, without proper monitoring, represent a major security gap wedged open all the wider by the onset of the COVID-19 pandemic. (Read: The Rush to the Edge) The devices in our homes are proliferating faster than ever. It's not just the ones you access your email on anymore, like your phone and your laptop; it's your "Alexa" and all the lightbulbs she controls, your doorbell, your baby monitor. And, with lockdown conditions shifting since last March, it's your kid's virtual classroom, your spouse's job, your mother's click-happy desktop computer. When all of these potential entry points are connected through the same network you use to conduct your firm's business, it puts the security of the whole firm at risk. Thus, containerization is an invaluable focus for your organization's security roadmap, as well as device management and multifactor authentication.
Protecting the Empty Office
We may be heading back into our offices in the year 2021, but it won't be immediate, and it won't be particularly simple. Now that the workforce is more locationally flexible, new gaps open up in the form of devices traveling into and out of the office space, potentially decreased physical security at office sites, and user error and confusion when it comes to complying with company security policies. Another risk while most employees are still working from home is that they will be more vulnerable to social engineering and phishing attacks, because it's harder now to know everyone at the company well enough to catch spoof emails sent in their name. The best way to protect your company from falling prey to these sorts of attacks is to educate users so they know what signs to look out for.
Shedding Light on Shadow IT
Security experts talk about shadow IT, the phenomenon of employees working outside of the constructs of organizational policy--not for any malicious reason, but purely out of convenience for the sake of doing their jobs as best they know how. However well intentioned the use of WhatsApp as a collaboration platform may be, the risk of data loss, corruption, or leakage is substantial, and it is in everyone's best interest for the organization to rigorously maintain boundaries between work applications and play applications. There are many ways to collaborate within the strictures of a safe network. It is the job of the organization to ensure separation of home and corporate devices, or else use an encapsulated system such as a virtual desktop infrastructure to keep corporate data safe.
Training the Risk Away
Shadow IT is one of several risks that can be mitigated with proper training and tabletop exercises. When cyber incidents do occur, the way they are handled makes a big difference in how badly your firm is affected. Making clear the security roles and responsibilities to everyone at your firm before a threat arrives is imperative for successful incident response. The last year may have posed a challenge to your firm's current security training regimen as you rushed to meet the demands of a newly distributed workforce. Have no fear! Simply amend your trainings to include home working scenarios, and make time for delayed trainings or tabletop exercises that may have fallen by the wayside in all the year's turmoil. The work you do to educate your employees now will be invaluable in the new year as you explore what new challenges there are still to face. Also, the more consistent and clear you can be with your policies, the safer you can keep the return to the workplace (or to a semi-centralized workforce, if you go that direction).