With social distancing and Stay at Home Orders in full effect, organizations have been forced to enable a fully remote workforce. Ready or not, most teams are now partially if not fully working remotely. However, the rush to remote working can create cyber-security threats. Here are the 3 things you should be focusing on.
- Endpoint Security
You’ve sent your team home with laptops, desktops and other devices that are connected to your network. Are they secure? We recommend having in place these security solutions:
- Malware and Anti-Virus prevention to stop computer viruses and malware threats. Yes these tools have been around forever and Yes you still need them. Make sure your anti-virus and malware prevention is deployed and running on all laptops and desktops. Widows Defender is built into Windows 10 for free. Malwarebytes offers a free personal use anti-malware tool that works well with Windows Defender.
- Full-disk encryption ensures that even if the device falls into the wrong hands, the company’s data is not accessible. Windows 10 has built in device encryption.
- Multi-factor authentication (MFA) grants access to a place, solution, device or other specific pieces of information only after two forms of “identification” have been presented. As organizations grow more digitally connected MFA can ensure that a “hacked” password or a lucky guess does not immediately grant access of your network to the “bad guys”. As there may be pressure to deploy a solution, an app-based solution removes the need to procure and distribute hardware.
- A good standard security policy is the Principle of Least Privilege, allowing users access to only what is necessary. Check with your I.T. team to make sure that only those who you deem it necessary have access to all accounts, critical servers, or sensitive data.
- Control Access
Access to your organization's internal network may be needed for your remote workforce unless you are 100% “in the cloud.” We recommend you always use a VPN to connect remote workers to the organization's internal network. This will prevent man-in-the-middle attacks from remote locations. Keep in mind that working from home your data is now flowing over a public network. When an offsite employee sends data through a VPN, it is encrypted, so even if the hacker does intercept it, they will not be able to use it. The initial investment needed to set up a VPN is minimal and allows an organization to easily scale as it grows. If you are looking for some great Free Tools to enable remote work collaboration, outside of your corporate network, see our prior blog post.
- Reinforce Security Norms & Stay Alert
Unfortunately, amid the pandemic, we have seen an upswing in COVID-19 scams in circulation. Anything from vaccines, to face masks, to pleas for donations and fake government warnings are all potential profit for some hackers. Inside the comforts of their home, your team may be more likely to click on a malicious link. Now would be a prudent time to offer a refresher course to help avoid the human element that cyber-criminals try to exploit. Here are 5 things your team should be focused on following, courtesy of KnowBe4:
- Strong, unique passwords – Create strong passwords by using passphrases or numbers, letters, and symbols. Use a password manager to keep track of them all. If a criminal figures out your personal password, and it is the same as your work password, they may be able to access the company’s systems (and vice versa).
- Watch your personal information – Do not share any personal information including social security number, credit card or banking information unless you know it is a confirmed, secure source.
- Lookout for red flags – Don’t click on anything without first checking for red flags. Criminals take advantage of times of crisis to do their dirty work. We will see an escalation of mischief. Therefore, phishing emails, smishing SMS/texts, and vishing calls will be on the rise. Before engaging with any communication, take caution and stop to ensure that it is from a secure, known party.
- Use secure WiFi – Trust only known and secure WiFi connections when dealing with sensitive data like financial info. If using unknown/unsecure WiFi is really unavoidable, always make sure you have a VPN installed and turned on.
- Ensure mobile security – Don’t let your guard down because you're on a mobile device. Be just as careful as you would on a desktop! Some ways to stay safe are to not respond to voicemails or calls asking for your financial info, or to not trust text messages that attempt to get you to reveal your personal information.
Please stay safe and informed as we navigate a world with COVID-19. If we can help answer any specific questions, we are happy to help! Please email firstname.lastname@example.org