Covid-19 is compelling businesses to permit employees to work from home! Some of the big tech companies that have been impacted by the Coronavirus crisis allowed employees to work remotely include Facebook, Google, and Twitter, etc. –in fact, Twitter has even made it mandatory for all employees to work remotely during these scary times.
Now, with companies trying to shift quickly to avoid extensive disruptions to their day-to-day operations, a more dangerous threat creeps in. It’s an online security threat – which is a real problem for small to midsize businesses.
Cybercriminals are aware of the panic this crisis has caused and already targeting businesses that are hurryingly shifting activities online with a lesser focus on their online security landscape. There are already disturbing reports of an increased rate of cyberattacks during this period.
From the reports, it’s evident that working from home poses more dangerous challenges for businesses in terms of cybersecurity, but you shouldn’t freak out still.
We’re aware of the benefits of working from home too and in this piece, we’re going to show you smart tips to maintain security when employees work from home to control the Coronavirus spread. Read on.
Businesses are facing one of the scariest online threats currently. If recent reports are anything to go by, the global cybersecurity spends by 2020 will be over $150 billion for major businesses.
With the Covid-19 pandemic, these figures could even double when employees are allowed to work from home. As an enterprise, you could avoid getting into too many losses due to online attacks by enforcing an enhanced security monitoring of all your devices and servers including employees’ endpoints.
If you don’t have a Security Operation Center (SOC)/Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) in place, it would be best if you got a reliable security partner that will work with your IT team to tighten the monitoring for the enterprise and business community.
An MSSP like ioSENTRIX can help you establish such security monitoring for 24/7 to help you optimize both Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) and manage online threats remotely.
A bit of awareness and basic online security knowledge is also essential during these times. The European Union Agency for Cyber Security (ENISA) reports that there has been a sudden spike in phishing attacks since the Covid-19 outbreak.
Perhaps, the best way of protecting your employees is by creating some awareness on the same. Be sure to schedule for cybersecurity awareness training if the employees haven’t had one in the past six months. Either way, you could also run a phishing campaign to simulate a phishing attack and see how your employees perform on this test. Use this data to target the weakest departments for further training.
Most importantly, remind them always not to click links or download email attachments from unknown senders or senders referencing to the Coronavirus crisis.
Your VPN structures should be able to handle outages and possible scalability issues. Importantly, you should test VPN for outages such as high availability in various regions as well as test scalability for e.g. 90% of the workforce using VPN and see if that brings any problem or not.
Additionally, mandate employees to use VPN to access the corporate network and by default connections should be re-authenticated maximum after 24 hours.
Cyber threats evolve pretty quickly. According to this report, over 350, 000 malicious programs are created every day. Much more could be created now that employees are switching to working from home to manage Covid-19 spread.
It’s therefore important that all employees use updated software stack including BYOD. They should have the latest OS patches, AV/EDR signatures, and updates installed to catch the latest threats as they evolve.
Make sure that no employee uses any local backups for important files. Most importantly, you may also need to encourage them not to use any USB drives on the devices because of the threats these tools pose.
Always remind them only to use secure and approved cloud-based backups for all the essential files.
Full disk encryption is almost mandatory if your employees work from home. It works by encrypting the entire hard drive and taking care of the OS, data files and all active software programs.
It’s necessary that if these devices get lost with sensitive data in them, no unverified user can access the confidential information in them.
You can use tools like BitLocker, FileVault or reliable third-party service providers like VeraCrypt if you use low-tiered window versions. Finally, all devices, including the BYODs, should also be enrolled in MDM/EMM solutions to make it simpler provisioning and managing multiple devices while also keeping personal data separate from corporate data.
As you shift to working remotely, employee passcode audits must also be in your to-do list. These should include all the passwords that employees use when accessing enterprise services.
All passwords should be redefined to meet the stringent security policy in your company. Enforce the use of MFA and strong passwords such as alphanumeric and special characters with 15 characters or more.
As an added measure, you may also consider using enterprise-level password managers to store your passwords securely.
In developing your contingency plan, you will need to triage all your teams. Make sure different groups share management responsibilities, and contingency plans should be put in place if crucial personnel may not be available.
Be sure to also assign and duplicate critical responsibilities like access to important resources, security code management, and tech support, etc to ensure continuity just in case one key personnel may not be available for some time.
The Covid-19 pandemic has caused a bit of panic, but we all need to stay cool at this moment if we wish to keep safe both health-wise and security-wise. Maintain the isolation to avoid the spread but also ensure all the online-security best practices are followed to prevent any cyber-attacks.
And, if you have never supported remote teleworkers before, let us know if you may need help. We have a dedicated team of cybersecurity experts that can do it for you securely.
You may contact us online via our website to schedule a free consultation.