7 TIPS TO REDUCE REMOTE WORK SECURITY RISK
The Coronavirus outbreak has blown the lid off the gaps in various systems and jolted us to the reality of their vulnerability. Remote working is not entirely a new phenomenon. Many companies have been allowing it to a limited extent. They even have certain safeguards and protocols in place to ensure cybersecurity. However, most organizations were not ready for the sheer unprecedented scale and suddenness of the shift towards remote working in the wake of this pandemic. They were not prepared with the infrastructure for it. The pandemic has also resulted in a cyber crisis and has unleashed a wave of cyberattacks.
Organizations must take measures to protect their corporate assets without delay. Here are seven tips to reduce remote work security risk and deal with this cyber crisis:
- IT INFRASTRUCTURE ASSESSMENT:
Take stock and collect a complete inventory management of company-issued laptops, personal laptops, mobile phones, and other devices that employees need to use to work remotely. Authorize only those devices to connect to company servers and systems. Company network connections must require virtual private networks (VPNs) and two-factor authentication.
You may have to reconfigure networks, firewalls, servers, and collaboration tools to accept remote internet connections. You may also have to look into purchasing additional hardware for your on-premise systems or move to a cloud-based server to accommodate the strain of remote working.
- APPLICATIONS AND DEVICE ENCRYPTION AND SECURITY:
Arm devices with firewalls. Instruct employees to install security patches. Endpoint Protection and Security (EPS) software must be updated on all endpoints. Ensure that all hard-drives, external hard-drives, and USB drives are company-issued and encrypted. Disallow the usage of any storage devices that are not company-issued. Provide your workforce with licensed and secure conferencing, file-sharing, and collaboration tools designed for enterprise-level communication.
Arrange for remote wipe capabilities for devices that may get lost or stolen. Use Data Loss Prevention (DLP) software to prevent data exfiltration. Employees must backup their data to company servers regularly. Periodically, companies must test their backup restoration systems for reliability.
- BUSINESS CONTINUITY PLANS:
Business continuity plans should make provisions for cybersecurity. Ensure that you have more than one secure communication method to reach remote cybersecurity employees and other key staff in an emergency. Companies should back up their existing cybersecurity staff by establishing service level agreements with remote cybersecurity and IT providers. These providers should be able to support remote operations at the required scale for several weeks.
- TRAINING AND AWARENESS:
Educate your workforce on cyber threats such as phishing and fraudulent emails and unsolicited customer support phone calls or solicitations from charities, especially in the wake of the COVID-19 virus. Train your workforce to recognize and prevent these threats and use remote collaboration tools and technology securely.
Most home routers allow users to configure them to create a separate network for their work computers. Employees must take this measure to prevent cyber-attacks that may take place via personal devices and computers of their family members. employee time tracking system
Stress the importance of dealing with even familiar email addresses with caution. Cybercriminals are known to make minor, barely detectable changes in email addresses such as swapping a lowercase alphabet with an uppercase one, which one can easily miss if they are not careful. Lay down protocols for remote workers to authenticate each other using secure methods to prevent any unwanted leakage of critical information.
Arm your workforce with resources such as self-service guides, videos, and FAQ documents to alert them about security threats and outline best practices.
- PROTOCOLS AND BEHAVIORS:
Establish a remote work policy and lay down guidelines that explicitly define secure procedures for remote working. Setting up protocols and behavioral guidelines will help your cybersecurity personnel to detect any anomalies as they monitor VPN and remote access logs.
Restrict data access to only those that need it. Create “working hours” even for the remote workforce. Decide a cut-off time during the day post, which sensitive data and systems cannot be accessed. Companies that do not have a global, widespread presence may consider restricting system access to specific networks and locations to limit internet exposure.
Employees must use digital conferencing and collaboration, and document-sharing platforms with caution. Calendar invites must be password protected. Meeting hosts must take attendance to rule out any unwanted participants.
- CORPORATE CRISIS MANAGEMENT PLANS:
In the event of any corporate crisis, the leadership and security personnel must be able to have continued secure access to the tools they need if they are quarantined or working remotely. Emergency escalation procedures, trained backup personnel, succession plans are crucial elements of effective crisis management.
Given a crisis such as the COVID-19 pandemic, you may consider keeping tabs on the location and the health of all your employees. It may be worthwhile to create a channel- an application, phone hotline, or a secure email address, for the employees and the leadership to communicate specifically regarding the crisis at hand. Workforce messaging must keep employees informed and educated about the threat of cyber-attacks during the pandemic.
- ACCESS AND SECURITY MEASURES FOR HIGH-RISK WORKFORCE:
Among all employees, C-suite executives and finance personnel are more vulnerable to cyber-attacks. They must be armed with upgraded security measures to mitigate any risks, and appropriate access limitations must be applied as well. A common way to compromise systems of C-suite executives is by circulating false information about the executive or his or her family member being under some danger or threat. Such information must be verified thoroughly before taking any action.
Finance personnel must exercise extreme caution and authenticate all emails, payment links, and fund transfer requests. Procurement managers must share contractual and confidential data carefully using a secure internet connection and document-sharing platform and use only company-issued, encrypted USB drives. They must beware of suspicious emails and attachments that seemingly include purchase orders or invoices from unknown vendors or imposters of known vendors.
Much like the COVID-19 virus, when dealing with cyber-attacks, prevention is better than cure. The importance of undertaking these cybersecurity measures cannot be stressed enough. We are moving towards a future where remote working might become a mainstream reality. These security measures are not just important for the moment but even in the future.