Many companies long ago issued endpoint devices such as cell phones, tablets, and laptops to users, so during the pandemic, employees who worked from home were logging into a company-configured and secure device. For the other organizations that favored BYOD and allowed any device to connect to their portal, there are cybersecurity issues. We have seen companies open their policies to the BYOD concept; however, the enterprise sets up the configuration and rules on those devices. The hybrid remote worker then gets their favorite brand of endpoint, but with limitations from the data security configurations and applications. The last scenario, where any infected, key-logger-carrying endpoint device that has no cybersecurity configuration is allowed to join a domain, is asking for trouble. At an international cybersecurity seminar today, the SMEs were complaining about the same Remote Worker scenario. But stop. Think.
Their system architecture allowed for the data security hole. Now they are going to complain that it has been exploited by their own employees and third-party vendors. At the seminar, the NIST CSFs and the Zero Trust Security Model (ZTSM) were quoted at least 50 times. Maybe we need to go back and revisit the NIST and ZTSM basics. Remember, if getting access to the data does not involve some complexity in login, device and biometric authentication, and least privilege concepts, there is no layered data security. How some of these companies maintained their CSFs with data security holes this year is a mystery.
ISO and NIST certified TechR2 works both in the United States and internationally to help our clients protect their business and customer data.