Are you secure enough?
- Chetan (Chet) Bhat
- Jul 4, 2020

Many employers scrambled to enable their employees to work from home in the past few months with the assumption that it would be short-lived. However, with the rise in COVID-19 cases across the globe and particularly within our nation, it’s now time for these organizations to review their cyber-security controls, especially since the boundaries between work and their employees' personal lives have been blurred.
Educate Employees
While it is not possible to address every point of failure, it is important to be aware of the potential issues and assess whether your IT department can adequately address them. Employees are connecting through their ISPs, with weaker protocols (WEP instead of WPA2, for example) configured on their home routers. These networks also carry poorly managed home devices such as personal mobile phones, printers, thermostats, and lights. While organizations cannot implement any controls to address this, they can create best-practice cheat sheets and support employees who need assistance with tasks such as printing on their home printers or implementing stronger controls on their home networks.
Safeguard IT assets
Implement basic measures such as restricting local admin rights for end users on their PCs, disabling USB ports, encrypting hard disks to minimize the risk of data loss, and maintaining the regular cycle of patch releases for your VPN and antivirus solutions. If you use MS-365, leverage solutions like Advanced Threat Protection (ATP) Safe Links for URL filtering and Data Loss Prevention (DLP) settings on emails.
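A read-only audit of the first three measures above on a Windows PC, added here as an example and not part of the original post. It assumes an elevated Windows PowerShell session with the LocalAccounts and BitLocker modules available, treats "disabling USB ports" as disabling the USB mass-storage driver, and uses a hypothetical approved-admin list (`$Allowed`).

```powershell
# Added example: checks local admin membership, USB mass storage and disk
# encryption without changing any setting. Run elevated.

function Test-LocalAdminMembers {
    # $Allowed is a hypothetical approved list; replace with your own.
    param([string[]]$Allowed = @('Administrator'))
    # S-1-5-32-544 is the well-known SID of the built-in Administrators
    # group, so the lookup works regardless of the OS display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        $short = ($_.Name -split '\\')[-1]      # strip COMPUTER\ or DOMAIN\
        [pscustomobject]@{
            Control = 'LocalAdmin'
            Item    = $_.Name
            Pass    = $Allowed -contains $short
        }
    }
}

function Test-UsbStorageDisabled {
    # Checks one common method only: the USBSTOR driver start type.
    # 4 = disabled, 3 = load on demand (USB drives usable).
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        Control = 'UsbStorage'
        Item    = "USBSTOR Start=$start"
        Pass    = ($start -eq 4)
    }
}

function Test-DiskEncryption {
    # A volume passes only if it is fully encrypted AND protection is on
    # (a suspended BitLocker volume reports ProtectionStatus Off).
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            Control = 'DiskEncryption'
            Item    = "$($_.MountPoint) $($_.VolumeStatus)"
            Pass    = ($_.ProtectionStatus -eq 'On' -and
                       $_.VolumeStatus -eq 'FullyEncrypted')
        }
    }
}

$results = @(Test-LocalAdminMembers) + @(Test-UsbStorageDisabled) + @(Test-DiskEncryption)
$results | Format-Table -AutoSize

# Non-zero exit code lets a management tool flag the PC for follow-up.
if ($results.Pass -contains $false) { exit 1 }
```

Removable storage can also be blocked through Group Policy or an endpoint agent, which this registry check will not see, so a failing `UsbStorage` row means "verify" rather than "unprotected".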
Create awareness periodically
Many companies tag external emails with a warning so that users can easily identify them as external and hence potentially spam. However, remember that users become desensitized over time and ignore these warnings. Hackers can easily send seemingly legitimate, deceptive emails with malicious links and attachments. Send periodic communications reminding users to be aware of such emails, especially those that seem to come from senior management or from the IT department.
Schedule virtual “lunch-n-learn” training sessions for your employees on basic security topics such as protecting their devices, installing software, password guidelines, verifying emails, and what to do in case of a cyber-attack.
Address user concerns
Make it a safe environment for users to report any incidents like new programs installed on their PCs without them being aware, PC performance slowdowns, or strange pop-up ads appearing on their screens. It is important for IT departments not to discount these reports and address each case seriously.
Mid-to-Long term strategies
Lastly, focus on strategies that need to be in place for every organization. These include Disaster Recovery and Business Continuity plans that will guide recovery efforts in case of a data breach on any remote PC. Arrange to procure cybersecurity liability insurance to help with recovery and provide peace of mind.
The lessons learned now will still be relevant once COVID-19 is behind us.
It pays to be safe in the long run, as long as you can!