In an unprecedented time in our lives, more and more workers are being asked to work from home because of COVID-19 or the Coronavirus.
It’s important for everyone to take an abundance of precautions during this time. However, if your corporate cybersecurity policy is not in place, this could cause security concerns that could be detrimental to your business.
Take a look at the following suggestions to secure your corporate data with remote workers.
Understand Remote Workers' Needs
Remote workers will likely need to access your corporate network – do you have a process in place for them to do so? Do you require that your employees utilize a VPN to access your network, or are you focused on cloud technologies? What sort of internet capabilities do your employees have at home? Do you allow employees to use public WiFi?
You can improve your company’s work-from-home policy with the following:
- Make it easy to safely access your company network. By keeping it simple, your IT support team will be able to focus on more pressing issues.
- Make support easy – password recovery, VPN access, etc. – ensure that your employees have access to quick answers for their security issues.
- Backups are vital. This is a great time to review your business continuity plan.
In general, the higher you can move up the stack in remote access, the more secure you are going to be.
Enforce Corporate Security Policies on Company-Owned Devices
While you should have basic IT controls in place, there are a few extra items to consider. Whatever your organization decides to enforce, be sure that it is simple – or your employees will skip it. If your security requires employees to take 50 steps, be aware that 47 of those will be skipped.
- Multi-Factor Authentication is key – Consider adding 2FA or MFA and make it mandatory on company-owned devices.
- Use cloud technologies – Cloud technologies and SaaS products have evolved their security as more and more organizations have moved to the cloud. With a cloud data security policy in place, you can strengthen that data protection even more.
- Implement robust password policies – Whether you decide to require a password manager or make sure employees change their passwords often, be sure they understand the importance of using different passwords for corporate accounts than for their personal ones.
Physical Security of Company-Owned Devices
While it is recommended that we stay in our homes during this time of social distancing, some employees may prefer a restaurant, coffee shop, or library to complete their work. Even if your employees are working from home, consider telling them to act as if they are still in their office environment.
- Lock your devices when they are not in use – even at home.
- Don’t leave company property unattended – Take your laptop with you to pick up your order at Starbucks.
- Always be on the lookout – even a house guest could potentially make themselves at home on your company laptop.
- Use privacy screens – Don’t let your work pique the interest of your neighbor.
- Employees are responsible and accountable for company property – Treat it like it’s yours and protect your devices. Report any devices that are lost or stolen immediately.
- Don’t mix work and personal usage on company-owned devices. It’s tempting to let your kids use your company laptop or to send an email to your personal email from your work email. Your work machine should not be used as a family computer. While you may need to occasionally check personal email, this is an exception. If you forward a work email to your personal email, you are opening yourself up to litigation issues that could open all your emails up to investigation.
- No USBs – USBs are a poor means of sharing data. CISOs should make sure you are able to share data and collaborate without using USBs. Restrict and monitor USB usage – there really is no need to use them.
It will be easy for your employees to get lax on these policies, so be sure to find a way to remind them of the importance of safeguarding their corporate data. All it takes is one employee doing one wrong thing to expose an entire company’s data.
Beware of the Increase of Phishing Campaigns
The world is watching this unprecedented virus outbreak, and that means hackers are trying even harder to get your data.
“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting,” according to Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration.
Education should be a priority to ensure your employees are aware of the increase of potential phishing emails. Here are a few important items to consider:
- Be realistic – Your CEO probably isn’t going to email you from their Gmail account to request a large money transfer.
- Beware third-party supplier emails – Always verify that the requested information is from the actual source and isn’t a scam. Ensure that you have confirmed the requested information from other sources rather than clicking on the potential phishing email.
- Do not fall for a sense of urgency in potential phishing emails.
- Teach your employees how to inspect a link before clicking.
- Avoid opening email attachments that will run a macro – Consider the Ukraine electric grid attack. Like most targeted attacks, the Ukraine power grid attack began with a phishing email containing a malware-rigged attachment.
- Don’t allow working remotely to reduce your communication – consider using Slack or Microsoft Teams to be able to chat with your coworkers quickly and easily.
When you receive an email from an unusual source, always verify and then trust. Stop, think, don’t click that link.
Protect Endpoints from Malware
Our main recommendation is to make sure your users have endpoint protection on their company-owned devices. Don’t let your users have a false sense of security – not all computers have endpoint security installed. No matter which endpoint protection solution you have, make sure it’s up to date and monitored consistently.
When your workforce is sent to work from home, they have to work with what they have. Imagine using artificial intelligence (AI) to detect potential cyber threats, giving your team the ability to stop malware in its tracks – before it can do any damage.
Consider Managed Detection and Remediation
Our expert security analysts monitor and record all the events that occur on your endpoints. Our team focuses on relevant threats that attempt data exfiltration or modification.
When files attempt to execute these suspicious processes, an alert is triggered and the attack is halted in real time. When a credible threat is detected, our system will retrieve the process history and our team will analyze the chain of events in real time and determine the validity of the threat.
You’ll receive the alerts when threats are detected along with advice and insight from our cyber security team to help you mitigate and respond to the threat. Once identified, the malicious activity is immediately stopped in its tracks and our team guides you through the remediation. This remediation process provides astonishing insight into the data of the threat.
You’ll be able to help your organization reduce its attack surface by learning how you’ve been compromised.
Review your policies and keep them simple – remember employees still need to be productive while working from home. Make sure your corporate systems are easy to use. When routines are upset, security is often an early casualty.
A dose of prevention is always worth a pound of cure. Consider Managed Detection and Remediation and secure your remote workers today.