Security awareness within organizations is increasingly getting the attention it deserves, with awareness that the user is the weakest link in the security strategy growing across the enterprise.

This growing awareness allows users to better deal with the threats they face every day, both in their professional and private lives. The telephone has become our personal exchange, with which we (can) connect with literally everything and everyone, both professionally and privately, and it is therefore impossible to imagine our everyday life without it.

User guidance and education is becoming commonplace and can be very effective in fostering a security culture that results in risk reduction and critical data being kept safe.

While some organizations have adapted and made rapid strides in the transition, others still find it nearly impossible to protect corporate data from threats targeting home and remote workers. Attackers have also noticed this and are attacking these groups with newer, more sophisticated attacks.

It’s often forgotten that hackers are no longer pimply teenagers tinkering around in mom and dad’s basement. In 2023, these are “professional” organizations, often specialized in one aspect of a cyber attack, roaming the IT landscape without compassion.

Modern workers have adapted well to the remote work environment and continue to prove its benefits in terms of productivity, meeting efficiency, talent acquisition and reduced operational costs. To continue reaping these benefits and retaining talent, leaders must accelerate the transformation of organizations into remote-friendly environments designed for employees to thrive.

Stay current on the changing threat landscape

Just as the modern work environment has changed dramatically, the threat landscape is also constantly changing. Bad actors were encouraged to come up with smart, new ways to continue targeting devices and users in search of valuable corporate data. Chat GPTx and other AI programs are also used for malicious purposes.

The philosophy of the providers is based on well-meaning users who want to make their lives more pleasant, easier and more pleasant through digital technology, but humans are not a homogeneous group. There is always someone who would rather leverage the work and efforts of others than roll up their sleeves for something positive.

The philosophy of security organizations matches (or at least should match) the vendors’ starting point that puts the user first, but assumes a dangerous world (zero trust) to keep those very people and threats away from users and data.

Data security is critical for businesses, not only to ensure business continuity and compliance, but also to protect user privacy. Policies must be strong to prevent leakage of protected data types, such as B. personally identifiable information (PII), or the risk of liability (NIST2).

A security strategy is not a product but a process. The well-known onion, where different layers of security protect against different types of threats, customer knowledge/skills/experience and risk profile should be the focus. At most, products specify the customer’s schedule and priority to achieve the desired level of security.

At the same time, there is the everyday reality where IT teams still have to solve too many ad hoc problems with too few people, sometimes blurring behavior and making hackers more likely to break into sensitive data. Automating standard processes can be a solution here, as users are simply the weakest link.

Don’t forget the basics

When planning the implementation of a security strategy, companies should not lose sight of the basics. They should start their security journey by evaluating best practices and defining “must-have” requirements to acquire solutions that don’t impact productivity and work seamlessly with and for the ecosystem of the device they use.

Organizations should consider how to ensure proper device hygiene and promote security best practices. For device and data security, using a device management solution that ensures the organization can configure settings, enable key security features, and erase content in the event of a stolen or lost device is critical.

In addition, the employees’ devices must be secured continuously and not just when they are first delivered. IT teams must be able to conduct ongoing security and compliance reviews without unduly compromising user privacy. A security tool that works on any employee device and is managed from the same portal to protect desktop, laptop and mobile users can save IT teams additional administrative work.

A good security strategy that can address both external cyber threats and risks related to user behavior best provides holistic coverage of security requirements. After all, you don’t know what you don’t know, so what you need to protect a user, endpoint, and data against tomorrow and next week.

This is where the role of the security organizations lies, where the challenge is that it is usually a little tense to talk about with the customer. Finally, the responsibility is to say what’s needed, rather than what’s cool to have.

This is a post by Arnold Bijlsma, Security Manager at Jamf. Want to learn more about how to protect your business and mobile devices from tomorrow’s threats? Visit Jamf at the CyberSec Europe event at Brussels Expo on April 19-20, booth 07.B052. Here the company holds several meetings daily at 10:30 am, 11:30 am, 2:00 pm, 3:00 pm and 4:00 pm. Sign up here to secure a spot.