Workplace modernization has emerged as an important trend impacting organizations of all sizes, in all industries, and across all geographies. The move by so many businesses to embrace modern end-user technologies is anticipated to help improve recruitment, enhance employee productivity, and may have a measurable impact on talent retention.
One of the main forces behind workplace modernization is a belief that employees will be happier and ultimately more productive if theyre able to choose the devices they use for work. Coupled with both technical and organizational support for anywhere work styles, employees are finding they have a much stronger voice in the selection of IT tooling and the accompanying workflows.
For many industries, workplace innovation started with the adoption of mobile technologies. Apple has emerged as the leading mobility solution used at work, with significant gains over its competition in both smartphones and tablets. Additionally, the Mac is growing in popularity with employer-sponsored choice programs.
Unfortunately, in an effort to move quickly, many organizations put these modern devices into production use without first ensuring they have the appropriate protections in place to keep organizational assets safe. For many, this was due to a lack of awareness of the threat landscape that put their users and devices at risk.
Endpoint security can be a complex topic, but as it relates to devices running modern software like macOS and iOS, organizations should start by practicing good security hygiene and ensure that all end-user devices align with strong and well-understood baseline settings.
In an era where technology and digital communication are paramount, complying with security standards is essential for preserving organizational integrity and managing it at scale. Businesses must define their own data security requirements, while also ensuring the organization can meet any regulatory or legal obligations. These signify an integral aspect of any organization's compliance management strategy.
So, how can organizations effectively align with these important security frameworks?
Several widely recognized compliance frameworks are available to assist organizations in following best practices and achieving essential security standards. Failure to establish and maintain secure operating standards could potentially lead to data breaches, leakage, and monetary penalties in the form of fines or settlements.
Beyond this, there's also the risk of losing customers, accounts, or even job opportunities. Establishing and maintaining security standards involves a significant effort, but doing so helps ensure organizational readiness to fend off a detrimental attack that could ultimately lead to a companys tarnished reputation.
The Centre for Internet Security (CIS)framework provides guidelines intended to support organizations in fortifying their networks and systems. Its focus lies predominantly in offering actionable, pragmatic steps organizations can employ to alleviate the impact of common cyber threats.
Similarly, theNational Institute of Standards and Technology (NIST)provides a comprehensive roadmap for managing cybersecurity risks. This guidance is based on five core functions of identification, protection, detection, response, and recovery. As a federal entity that sets the standard for US government agencies, NIST often highlights the importance of risk assessment and management, with a view toward continuous monitoring and improvement.
The International Organisation for Standardisation (ISO)also provides an important standard, ISO 27001, specifically for Information Security Management Systems (ISMS). This standard covers an extensive array of security controls, including but not limited to physical security, access control, and incident management.
Additionally, certain regulated industries must also adhere to additional specific security benchmarks. For instance, healthcare institutes must comply with Health Insurance Portability and Accountability Act (HIPAA) requirements. Similarly, educational institutions must implement the Family Educational Rights and Privacy Act (FERPA) to protect the privacy of student education records.
However, these standards are guidelines written for generic systems and not for any particular device or platform. They are best practices that are recommended and not mandatory. Additionally, for the standards to be actionable, they need to be translated to a platform and environment, and ultimately put into practice. A business needs to spend time reviewing the guidance and determining what works best for them. It is imperative to understand that the guidelines are a starting point, not the destination.
The macOS Security Compliance Project (mSCP) is an initiative dedicated to ensuring that Apple's desktop operating system, is secure and compliant with all the different security standards and regulations.
This collaborative, open-source endeavor is a macOS administrators quick reference guide to aligning well-understood standards like the CIS Benchmarks, specifically for their macOS fleet. Its the joint project of federal operational IT Security staff from esteemed institutions like the National Aeronautics and Space Administration (NASA), the Defense Information Systems Agency (DISA), NIST, and the Los Alamos National Laboratory (LANL).
Organizations can reduce the likelihood of cyber incidents and fulfill their security obligations by implementing the right controls, configuring settings, and monitoring systems. This will continue to help the companies to ensure their protection in the growing cyberspace.
Nonetheless, the evolving nature of the modern workplace to an increasingly connected mobile workforce underscores the significance of data and device security.
Additionally, with the growing prevalence of Apple technology within organizations, it is important to have complete compliance with quicker onboarding, application-specific policy enforcement, and a simplified, streamlined user experience consistent for all users, including employees, contractors, and third parties.
The first step to effective cybersecurity in an organization involves choosing the standard or standards to align with. These could be industry-specific standards like HIPAA for healthcare or generalized standards like ISO 27001. This choice will form the cornerstone of your cybersecurity strategy, informing all the decisions that follow.
Once a standard has been selected, the business can start the implementation process. For organizations utilizing macOS, a tool like the mSCP (macOS Security Compliance Project) can prove invaluable. It's also crucial to not overlook mobile devices during this process. Ensure that similar compliance standards are applied across the board, thereby safeguarding all of the organization's modern devices.
To scale this process, consider embracing tooling such as Mobile Device Management (MDM). This will facilitate the configuration of device fleets beyond a single device. The goal is to automate the setup process, eliminating the need for administrators to physically interact with every new device, and reduce the number of errors that commonly accompany manual efforts. This approach not only speeds up deployment but also ensures that IT and security do not become bottlenecks to productivity.
Maintaining these standards over time is as crucial as their initial implementation. Thus, the next step involves monitoring and auditing. Regular audits of the devices will help ensure the maintained adherence to the chosen standards. A combination of MDM and endpoint security tools can assist in establishing regular audits and automated remediation steps, to account for when devices fall out of compliance.
Adding endpoint protection capabilities to identify and stop active threats is also highly recommended. These tools go beyond mere device configuration to actively protect devices, providing a further layer of defense.
To prevent incoming risk, focus on building multiple layers of defense. These should be designed to protect devices no matter where they are used, all while considering the end-user experience. The chosen tools should not only integrate well with each other but also align with the end user experience the workers initially chose.
Lastly, adopting a holistic mindset is key. Don't just focus on device security alone. Remember that these devices are used by employees and are connected to sensitive business applications. A zero-trust strategy can be beneficial here, limiting access to business data to only authorized users on enrolled, threat-free devices. By doing this, organizations are not just modernizing the workplace but also their entire security solution stack. In this way, security becomes an integral part of an organization, rather than an afterthought.
Embracing workplace modernization means recognizing security as pivotal. From choosing applicable standards, implementing robust tools like MDM and Endpoint security, to adopting a zero-trust strategy, organizations can navigate this digitizing world. This integration of security and user-centricity enhances operational efficiency and trust, defining the successful organizations of the future.
Image credit: Wavebreakmedia / depositphotos.com
Michael Covington is VP of Strategy, Jamf, the standard in managing and securing Apple at work.
The rest is here:
Enhancing workplace security: A comprehensive approach to Mac ... - BetaNews
- Google researchers have cracked a key internet security tool - Recode [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Letter: Internet security is in jeopardy - INFORUM [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- New internet security device launched to safeguard schools against child abuse - Phys.Org [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster - Gizmodo [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Data from internet-connected teddy bears held ransom, security expert says - Fox News [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Emsisoft Internet Security 2017.2.0.7219 - TechCentral.ie [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- What you need to know about 'Cloudbleed,' the latest internet security bug - Globalnews.ca [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Google cracks longtime pillar of internet security - MarketWatch [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- BullGuard | Internet Security and Antivirus protection ... [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Internet Storm Center - SANS Internet Storm Center [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Internet-connected 'smart' devices are dunces about security - ABC News [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Derry internet security expert warns that advanced internet technology 'a risk to us all' - Derry Now [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Firewall Test, Web Tools and Free Internet Security Audit ... [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Internet security in the spotlight: How is the internet safer today than it was 20 years ago? - Mobile Business Insights (blog) [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Jim Mullen: Unsocial internet security | Columnists | auburnpub.com - Auburn Citizen [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Internet security company launches a perfume line to promote cybersecurity - Mashable [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Internet security - Wikipedia [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Are you undermining your web security by checking on it with the wrong tools? - The Register [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Bruce Schneier on New Security Threats from the Internet of Things - Linux.com (blog) [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Carpe Diem: home internet security - KFOX El Paso [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Motivation Monday: home internet security - KFOX El Paso [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Medical records of 26m patients at risk because of GP surgeries' failing internet security - The Sun [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Free Internet Security | Why Comodo Internet Security Suite ... [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Internet Security Software | Trend Micro USA [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Fix crap Internet of Things security, booms Internet daddy Cerf - The Register [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Internet of Things security: What happens when every device is smart and you don't even know it? - ZDNet [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- CUJO is cuter than Wall-E, and it's the only internet security device you'll ever need - Yahoo News [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- The Senate just voted to undo landmark rules covering your Internet privacy - Washington Post [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- What the Cloudbleed disaster says about the state of internet security - Information Age [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Google Has Declared Symantec Harmful To Internet Security - UPROXX [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Internet Security Analysts: North Korea Is Planning a Global Bank Heist - Breitbart News [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Internet Security Firm Confirms WikiLeaks 'Vault 7' At Least 40 Cyberattacks Tied to the CIA - The Ring of Fire Network [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Homeland Security warns of 'BrickerBot' malware that destroys unsecured internet-connected devices - ZDNet [Last Updated On: April 20th, 2017] [Originally Added On: April 20th, 2017]
- A Global Industry First: Industrial Internet Consortium and Plattform Industrie 4.0 to Host Joint IIoT Security ... - Business Wire (press release) [Last Updated On: April 20th, 2017] [Originally Added On: April 20th, 2017]
- Mucheru urges private sector to boost investment in internet security - The Standard (press release) [Last Updated On: April 25th, 2017] [Originally Added On: April 25th, 2017]
- Cloudflare debuts a security solution for IoT - TechCrunch [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- Russian-controlled telecom hijacks financial services' Internet traffic - Ars Technica [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- Avira Internet Security Suite v15.0.26 - TechCentral.ie [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- NSA To Limit Some Collection Of Internet Communication - NPR [Last Updated On: April 29th, 2017] [Originally Added On: April 29th, 2017]
- Report Indicates '10 Concerts' Facebook Trend Could Compromise Your Internet Security - Complex [Last Updated On: April 29th, 2017] [Originally Added On: April 29th, 2017]
- "Improving the World" through Internet Security: Chatting with David Gorodyansky, CEO of AnchorFree - Huffington Post [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Don't Fall For This Tech Support Scam Targeting PC Users - KTLA [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Yikes! Antivirus Software Fails Basic Security Tests - Tom's Guide [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Watch Hackers Sabotage an Industrial Robot Arm - WIRED [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Decoding Internet Security: Spear phishing - Washington Post [Last Updated On: May 5th, 2017] [Originally Added On: May 5th, 2017]
- From the Desk of Jay Fallis: To internet vote, or not to internet vote - BarrieToday [Last Updated On: May 7th, 2017] [Originally Added On: May 7th, 2017]
- Crippling cyberattack continues to spread around the world - Los Angeles Times [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- Cyber Security Experts: Russia Disproportionately Targeted by Malware - Voice of America [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- The Latest: 29000 Chinese institutions hit by cyberattack - ABC News [Last Updated On: May 15th, 2017] [Originally Added On: May 15th, 2017]
- Cyberattack Aftershock Feared as US Warns of Its Complexity - New York Times [Last Updated On: May 15th, 2017] [Originally Added On: May 15th, 2017]
- This week's poll: Priorities for improving internet security - The Engineer [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Akamai Releases First Quarter 2017 State of the Internet / Security Report - PR Newswire (press release) [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Do Macs get viruses? - PC Advisor [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Massive Ransomware Attack Underscores Threats To Internet Security - Benzinga [Last Updated On: May 19th, 2017] [Originally Added On: May 19th, 2017]
- Security News This Week: Hoo-Boy, Mar-a-Lago's Internet Is Insecure - WIRED [Last Updated On: May 20th, 2017] [Originally Added On: May 20th, 2017]
- Internet security firm calls for law to compel information sharing to ... - The Star, Kenya [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Check It Out: No need to unplug after reading books on internet security - The Columbian [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- How to beat security threats to 'internet of things' - BBC News - BBC News [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Best Mac antivirus 2017 - Macworld UK [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Avira, Kaspersky Top Windows 10 Antivirus Tests - Tom's Guide [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Paranoid about internet security? Here are the most secure OS options - The American Genius [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Blockchain Offers Hope for the Broken Internet - Fortune [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- New uses for RFID and security for the internet of things - Phys.Org [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Security Best Practices for the Internet of Things - Web Host Industry Review [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Internet infrastructure security guidelines for Africa unveiled - Premium Times [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- In addressing internet security issues, make sure to provide solutions - Minneapolis Star Tribune [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Whistic Partners with the Center for Internet Security to Extend the ... - PR Web (press release) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Internet Security Alliance: NIST framework metrics should focus on threats - Inside Cybersecurity (subscription) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- China cyber-security law will keep citizens' data within the Great Firewall - The Register [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Cyber security: Africa gets Internet security guidelines - TheNewsGuru [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- China to Implement Its First Law on Internet Security After Ransomware Attack - Sputnik International [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Decoding Internet Security: Ransomware - Washington Post [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Internet security upgrade on course - Business Daily (press release) (blog) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- What's the Safest Laptop For Internet Security? - HuffPost [Last Updated On: June 2nd, 2017] [Originally Added On: June 2nd, 2017]
- Every Day Is Internet Security Day - The Chief-Leader [Last Updated On: June 3rd, 2017] [Originally Added On: June 3rd, 2017]
- 5 Reasons why internet security is crucial in 2017 - Techworm [Last Updated On: June 3rd, 2017] [Originally Added On: June 3rd, 2017]
- Are Pop-Ups An Internet Security Threat? - Good Herald [Last Updated On: June 4th, 2017] [Originally Added On: June 4th, 2017]
- 3 Ways Software Programs Can Help With Internet Security in 2017 - Geek Snack [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]
- Inside Social Security: Make every day your internet security day - Santa Ynez Valley News [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]
- SOCIAL SECURITY: Every day is internet security day - Palm Beach Post [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]