By Serge Arsenault, Director, Information Security and Privacy, CSO (samurai 侍)
Cyberattack, whether in the form ransomware, denial of service (DoS), or any other malicious attack, seeks to unlawfully access data, disrupt digital operations or damage information. The cyberthreat landscape is ever-changing, and these bad actors are more sophisticated than ever. The proliferation of hybrid work has led to new vulnerabilities that even the best gateway security can’t address on its own. As the cost of breaches continues to rise, there are increased regulatory requirements surrounding data privacy and data use.
It’s no surprise to us, given the current state of things, that you’re concerned with data governance. As a Beanfield client or partner, you’re not only interested in how we store and use the data that you share with us; you also want to know what we’re doing to keep that data safe. And today, we’re proud to share that with you.
This Spring, Beanfield is building a human firewall.
Cybercriminals know it’s easier to trick people than break through security technology. This means our employees are all at risk of being targeted. So, we have teamed up with KnowBe4 to provide an online training program to all Beanfield employees. This program will educate our teams on various cybersecurity topics, all of which boil down to one central concept: being a human firewall. Human firewalls use the fundamentals of security awareness to prevent incidents and avoid the countless threats that we face at work, at home and on the go.
This training doesn’t end once the employee hits Submit on the final quiz. KnowBe4 will actually launch simulated phishing attacks to test Beanfield’s “graduates” (don’t worry, it’s just a drill!). From there, a risk score is ascribed – if any Beanfielders engage with things they should have recognized as suspicious or potentially malicious, they will be offered additional training. Ultimately, we’ll empower each and every Beanfield employee to protect themselves and the organisation.
Moving towards Zero-Trust networking access
“Zero Trust” is an IT security model that assumes threats can exist both inside and outside a network. This is a prudent assumption to make, particularly when users are accessing network resources via their own devices – a malware-compromised endpoint can then infect an entire network. To counter this vulnerability, Beanfield’s security framework will include continuous validation of every user and every device before they’re granted access to network resources.
At the user level, Beanfielders will have two-factor authentication, and they’ll need to make sure that their devices are approved and secure. On the plus side, signing in through a single point for access means a simplified authentication process to access the various Beanfield systems they’re entitled to, once they’re “in”.
At the IT level, Beanfield will be constantly evaluating and authenticating users by having them sign in through a centralized authentication system. This gives Beanfield a complete audit trail; in other words, it allows Beanfield to see what resources a user is accessing, and spot suspicious behaviour. We will also assess the security posture of the users’ endpoint devices while they access network resources.
We’re confident that these initiatives will make Beanfield’s cybersecurity more robust against the current cyberthreat landscape. This multi-pronged peripheral monitoring approach is a response to the evolution of how we work and how cybercriminals operate. We are proud to share our efforts with you, as we strive for better transparency about our data governance.