
Changing Cybersecurity Requirements

May 20, 2022

However companies are operating after COVID - back to office, continuing remote work or a hybrid - cybersecurity requirements for both remote workers and third-party service providers must be reviewed.

For decades cybersecurity was modeled on perimeter defense - barriers and protection at company network borders. With work from home during the pandemic, the broader attack surface made this model obsolete. The new security model is "zero trust" - all networks and devices are assumed to be potentially hostile or compromised, and continual authentication and verification are required.   

Today's digital workplace includes internal systems and cloud-based services with shared security responsibilities. Companies need to inspect or verify their suppliers' implementation of, and compliance with, security requirements. Policies and procedures to be addressed include:

  • Safeguards such as multi-factor authentication, encryption and dual controls.
  • Limiting remote access through virtual private networks or other means.
  • Standards for hardware devices.  
  • Malware protection software.
  • Advanced endpoint protection.
  • Prevent printing or saving data on local devices. If remote workers need paper records, provide secure containers and shredders.

The definition of a data incident must include incidents at a remote worker's home or other off-site use.

Since hackers are aware of the increased vulnerability of remote workers, companies must also be aware.