- Are your employees working remotely and/or using personal devices to access company information?
- Then you need to protect your business operations and keep your workforce safe from cybercrime.
There are two key areas that you need to address:
The policy should have clear guidelines with do’s and don’ts, covering the following items:
- Single user. The employee should be the only one using the device/laptop/cell phone. The device should be securely locked when not in use.
- Require employees working remotely to actually stay home and only connect to networks under their control. Working from local coffee shops etc., using an open or shared network, should be avoided at all times.
- Keep IoT devices well away from workstations. Alexa, Google Home, Siri etc. are actively listening.
- Remote access with multi-factor authentication. If not already in place, make sure access to company resources requires Two-Factor Authentication.
- Home Wi-Fi networks used by employees must be encrypted, with at least WPA2 and a strong password.
- Define a password policy that covers length, complexity and password hygiene. Instruct your employees to avoid the names of pets, nicknames etc. Also, the same password should not be used multiple times.
- Use a password manager to store passwords.
- Use secure browsers.
- Keep devices updated. Ensure automatic updates are activated. Define baseline requirements for devices and ban the use of insecure devices such as jailbroken phones or outdated operating systems.
- Make sure endpoint protection is activated and updated, covering internal firewall, anti-virus etc.
- Avoid operating remotely as “admin”. Privileged accounts are a hacker’s first objective.
- All information should be sent encrypted. Make sure all employees know how to use a VPN (virtual private network) or secure file transfer.
- How employees should take action in the case of incidents or suspicious events. All employees should be informed and regularly updated on contact information for IT support, the security team etc., and on how to submit reports.
Your staff's skills in cybersecurity and mindful use of company resources are critical.
Affordable cyber awareness solutions are available online. Make sure the content covers how to ensure confidential phone use and how to detect email phishing attacks (fake COVID-19 updates, unknown emails, spelling mistakes, unexpected calls etc.). At this moment there are likely to be criminals trying to scam your workforce with emails and infected websites carrying COVID-19 “breaking news”.