Corporate devices and data extend beyond the physical business perimeter and increasingly appear on home networks, which are outside your security team’s management scope. As a result, maintaining visibility and control over corporate-owned devices is necessary to protect your data. While this requires a delicate balance to remain sensitive to the privacy of personal devices and personal networks, it’s essential that the endpoint and the data are treated as perimeters in and of themselves.
While measures like multi-factor authentication aren’t perfect, these basic best practices are essential, especially for the board/C-suite, who often opt out of the requirement as a matter of convenience. Beyond multi-factor authentication, other security fundamentals include adopting modernized password practices, reliably deploying and configuring endpoint security software, and embracing Zero Trust and Data Loss Prevention as you mature your organization.
It’s also critical to raise awareness throughout your organization of common CEO-spoofing campaigns that use smishing, vishing and other social engineering attacks, as exposed CEO data – and public info from social media posts – can make for a very convincing lure to dupe victims.