In the business world today, we are plagued by privacy and cyber security challenges. And the threats show no signs of dissipation. It’s a new state of being that requires resilience and preparedness across the corporate world.
We asked our top security experts to share their wisdom on what organizations can do to both prevent cyber-attacks and to handle them better when they do occur. Here are the 6 security questions you should be asking in your company, followed by our Pexip experts’ best advice:
Do you know what secrets your call detail records are revealing about your company?
“Protecting your confidential information is also about protecting all the data surrounding that meeting, such as who is meeting whom and when. This is in your call detail record (CDR), and organizations should be aware of every external location that may have access to CDR metadata and hold those service providers accountable. Make sure that your data, if it is located externally, is stored in a secured cloud environment, such as a FedRAMP-compliant cloud service. Validate that your service providers include metadata, including CDR data, in their data security policy, and ensure that said policies match your organizational risk profile.”
- Joel Bilheimer, Chief Information Security Officer - Americas
When a crisis hits, what’s your business continuity plan?
“When a crisis does hit, it’s important that employees are aware of the business continuity plan in place and the back-up solutions that are available. Ask yourself, how will you communicate with your organization if you’ve had a massive systems failure? Communications is one of the first things you must ensure in the event of a crisis. It’s of course important to think about recovery and back-up, but what about continuing business through the crisis? That means having tools that allow people to talk to each other. This is the essential if you are providing a critical service, such as the power supply, to a country.”
- Geir Aasen, Chief Information Security Officer
Have you considered increasing data sovereignty regulation and how it impacts your communication and collaboration tools?
“Protecting citizen data is at the core of the increasing prevalence of data sovereignty laws and regulations around the world. This is something that organizations must grapple with, as they are compelled to take back control of their data. For Pexip, as a video solution provider, we are seeing an increased interest in moving video communication data on-premises or into a private cloud. This gives enterprises much more control of their data while restricting the movement of that data across borders – thus ensuring compliance with local laws.”
- Thomas Edberg, Vice President CTO Office, Pexip.
When your communication and collaboration systems go down, do you have an alternative solution ready to go?
“The key to maintaining productivity amidst an outage or other system disruption is to have collaboration and communication solutions in place that will persist no matter the situation at hand. It’s also about ensuring smooth transition to an alternative solution or network during the crisis, which means that your employees must know about it and understand what to do. Taking these steps now will help minimize your productivity losses later – keeping your employees productive and your customers happy as you solve the issue.”
- Geir Aasen, Chief Information Security Officer
Is your video platform secure enough for your most confidential conversations?
“We live in the age of cyber-attacks – as much as 3,900% increase according to Gartner. To protect your confidential video meetings, it’s important to evaluate where your meeting data is stored and what your meeting platform does to reduce the risk of uninvited guests. Many of the video apps that are widely available are well-suited to the exchange of non-sensitive information. But the reality of corporate life is that confidential information must be exchanged over video sometimes, and for that, you need a platform that will give you the security control you require.”
- Thomas Edberg, Vice President CTO Office
How can a zero-trust environment protect against threats coming from inside and outside the company?
“In a typical zero-trust environment, users must sign into the company’s identity provider through some kind of multi-factor authentication method. Once authenticated, organizational policy then explicitly authorizes users’ access only to the data that is crucial for their work. User sessions are monitored for suspicious or malicious activity – keeping in mind that the users themselves may be the source of such activity. And when detected, the threat response deploys in real-time.”
- Joel Bilheimer, Chief Information Security Officer – Americas
- Meet & collaborate securely
- Secure meetings
- Secure collaboration
- Business continuity