What is your current cybersecurity posture? In other words, how is your organization currently defended against cyber attacks?
Cybersecurity is an important topic for organizations at any time, but with the recent COVID-19 pandemic combined with the work from home (WFH) movement, organizations are experiencing additional requirements and changes to accommodate for this “new normal.”
To take these increasing cybersecurity needs a step further, we must acknowledge that the new normal we’re experiencing will continue to change and transition as the novel coronavirus crisis ends. This new normal is likely not temporary, but instead, the beginning of an accelerated, ever-changing new normal. The cybersecurity needs we face today will continue to evolve even as many of us return to our offices because how we view work will not be the same.
To move forward during and after this crisis, we must focus on improving our cybersecurity posture by going through the following actions:
What needs to be tested
With hackers regularly exploiting vulnerabilities in VPNs, IT teams need to test the security of VPNs and other remote access solutions. Likely, they will need to continually patch these systems to ensure they are protected against bad actors.
When the IT team tests the security of the remote access solutions, they need to ensure they are sized appropriately to support the remote workforce. In doing so, they may need to work with the company’s Internet Service Provider to increase the bandwidth.
What needs to be reviewed
Since your organization is likely experiencing the WFH environment for the first time, it’s a great time to update your disaster recovery plan to ensure business continuity. During this process, be sure to review internal and external change factors, back up your data, review recent incidents, and update employees on any changes.
It is also important to review your company’s devices. Are they being used remotely? Are they unused at the office? Are they being used in conjunction with your employee’s personal devices? Are your employees using personal devices instead of company devices?
Looking deeper at how your employees use devices to WFH, what connections are they using? Are any connections or options enabled that should be disabled to increase security?
While answering these questions is time-consuming for your enterprise’s IT team, they are important to answer in order to prevent potential vulnerabilities.
What needs to be implemented
Many employees are resistant to maintaining strong passwords, whether they are working in an office building or from home. Unless your organization’s system requires passwords to include a specific amount of capital letters, numbers, and symbols, as well as prompting users to update them frequently, your company is at risk for a breach.
To mitigate this risk, your IT team can implement multi-factor authentication. This is especially beneficial for employees who are using their own devices to WFH, as shown in the above image.
With a distributed workforce, it’s important that your cybersecurity team develops a process to conduct security patch activities, coordinate remote access with users, and implement workarounds for issues that arise in a quick, effective manner. This requires open and consistent communication between your cybersecurity team and your employees.
One critical software installation for remote workers is endpoint protection software. IT teams should ensure that employees have endpoint software solutions, such as antivirus, installed on their company devices, as well as personal devices used for work. The IT team may need to help users install the software, especially if they have been working from home without this vital protection.
What needs to be shared with employees
Email phishing has increased during the COVID-19 crisis, so it’s important to inform employees to be wary of opening emails and clicking links within emails. It’s also important to educate them on how to alert your IT team to potential threats and questionable emails and links. By making this communication process easy, your team will be more likely to alert the IT department of more potential threats rather than disregarding the possibility.
Throughout the process of updating your cybersecurity policies, it’s vital that you update your written policies and send updates to all employees. It’s also a good practice to consistently remind employees about these policies. After all, your employees are a primary line of defense against potential threats.
Does your organization need help creating or updating your security program strategy? We can help you stay one step ahead of today’s cyber threats.