As part of CDW’s cybersecurity team, I often have the opportunity to visit with our customers and help them identify gaps in their security programs. CDW offers a variety of security assessments that help organizations shore up their cybersecurity weaknesses.

I’ve performed dozens of these assessments, which provides me with a unique vantage point on the state of cybersecurity across different industries and organizations of various sizes. With that perspective, I’ve seen four common threats that continue to pose significant risk to cybersecurity programs.

Recently, I had the opportunity to help a CDW client in the legal industry assess the current state of its cybersecurity program. The firm had a good grasp on cybersecurity issues and, in fact, had many effective cybersecurity controls in place. I’d definitely consider the firm far along the cybersecurity maturity model.

Like many organizations with mature cybersecurity programs, the firm wanted to get an outside assessment of its controls to uncover any gaps its security personnel might have overlooked internally. We spent a few days conducting a penetration test to provide the firm with an attacker’s view of its network.

Earlier this year, I broke into the network of a large teaching hospital located in a major U.S. city. It wasn’t difficult, and I did so without using any sophisticated technical skills. My weapon of choice? A dress shirt and a pair of khakis.

Dressed like your typical IT professional, I walked the hallways of the hospital carrying a laptop, looking for a target. I found a maintenance technician repairing a section of the floor and approached him, saying, “Hi there, I’m Mike from IT, and I’m trying to fix the network. I left my badge downstairs, and I really don’t want to walk back there. Is there any chance you could let me into this network closet?”

“Sure, buddy, no problem,” he replied. He stood up, walked over to the door and swiped his ID card, letting me into the network closet. Once I was in, I quickly attached a small device to the network switch that opened a reverse connection, giving my entire team remote access to the hospital’s internal network. Now, let me explain myself. I’m not a criminal — I’m a penetration tester with CDW’s Amplified Security services team, and organizations around the country hire me to perform tests just like this one. I work to help business and technology leaders understand the risks facing their organizations and develop strategies to better secure their networks, systems and people from attack.

Recent events turned our working lives upside down. With very little notice, millions of people around the world were sent home from their offices to suddenly adopt a remote work lifestyle. Four months into this adventure, most knowledge workers have adapted to working styles that replace conference rooms with video meetings and coffee chats with virtual happy hours.

I believe that we’ve arrived at a new normal where remote work will become a standard arrangement for knowledge workers. Both companies and employees will benefit from this approach. While employees can better balance their lives, companies will be able to reduce overhead expenses by consolidating and eliminating expensive physical offices. This work style comes with new cybersecurity considerations, and I urge organizations to adopt six key practices to adapt to our new working patterns.

I have a unique perspective on healthcare cybersecurity, having spent the beginning of my professional career as a practicing nurse and later moving into cybersecurity consulting. That perspective helps me critically examine the security programs at the many hospitals, physicians and other provider offices that I visit as part of my CDW practice. During conversations with healthcare IT teams, I’ve identified three crucial best practices to protect patient information: vulnerability assessments, penetration tests and incident response playbooks.

Let’s explore each of these critical topics.

Vulnerability scanning, penetration testing and red teaming each play a vital role in an organization’s security program. It’s important that technology leaders understand the different roles they play so they may combine them in the manner most effective for their organizations.