Easy-to-Follow Tips for Working Securely from Anywhere
The sudden advent of the COVID-19 pandemic on the global stage meant a lot of different things for different people. The one universal implication that it did have for businesses across the world though was the immediate transition to ‘Remote Work’ that it mandated.
To address concerns of human contact and community transmission, ‘working from home’ has quickly become the new normal for organisations and professionals but, unfortunately, not every enterprise was ready to shift to this new reality overnight. What this means is that a lot of businesses were either not equipped with the infrastructure to enable remote work seamlessly or did not have the requisite processes in place to make the new way of working feasible and effective.
Another problem that quickly reared its ugly head in the wake of COVID-19 was the sudden spike in cyber-attacks the world over. Cyber criminals rubbed their hands in glee as a huge number of people began to work with sensitive data on unprotected home networks, shared computers and routers.
A lot of organisations were and still are unable to make patched and up-to-date VPN servers available to remote workers, leaving a vibrant playing field for criminals to revel in.
Is it possible to make remote working secure?
What organizations now need to recognize is that making remote work secure is imperative, but it’s not difficult. As the pandemic sweeps across the globe and governments continue to rack their brains over the best ways to grapple with the crisis, one thing is clear: remote work is here to stay.
So, it’s best to look into the least complicated and most effective ways to make ‘working from anywhere’ secure for businesses and employees. The last thing any organisation needs right now is a data breach or a cyber crisis that further threatens its bottom line, which is probably already impacted by the virus.
At Cyber Management Alliance, we developed a Remote Working Cybersecurity Checklist at the onset of the global lockdown to help organisations take a few basic steps that would help protect their own and their customers’ sensitive data and information.
Here are some quick tips from this comprehensive checklist that will help you fortify the security infrastructure of your business as your employees continue to work from anywhere!
1. Basic Awareness Building
This action is the easiest to take, yet it’s also the easiest to overlook. An email, a quick video session or a weekly newsletter - any convenient and cost-effective medium can be used to sensitize employees on a regular basis about the security threats that loom large, how they can be trapped by malicious actors online and what they can do to keep their work and their jobs safe.
Start the remote cybersecurity awareness training by going over some simple principles: remind staff not to share their work devices with their children or spouses, inform them that their activity is being regularly monitored, encourage them to use password managers and never share their passwords over email or messages, send regular reminders for them to update critical software, and so on.
2. Phishing Emails
Speaking of awareness building, phishing emails are the number one source of the majority of cyber-attacks that take place globally. It is usually an unsuspecting employee who clicks on a malicious email, and that’s all the criminals need to enter your network.
Staff have to be made very well aware of the dangers of phishing, smishing and vishing, especially when it comes to links and documents with Coronavirus-related information. They must also be encouraged to report malware infections and suspicious activities promptly.
Most importantly, you must create a culture where the staff feels safe in reporting or owning up to any mistake they may have inadvertently made, such as accidentally clicking on a malicious-looking link or opening a suspicious attachment. They must also be very cautious about pop-ups when surfing the web.
3. Online meetings and calls
Remote work equals video conferences and multiple calls throughout the day. While technology has made collaborating with anyone across the globe a breeze, it has also laid out interesting new boobytraps along the way!
Employees must be cautioned against the dangers of discussing confidential information from their homes while their smart speakers (Amazon’s Alexa, Apple’s HomePod, Google’s Home, etc.) are active and enabled.
Educate staff not to leave their machines unlocked, their webcams uncovered, and so on. These are some basic hygiene checks that everyone must be familiar with as online meetings and virtual interactions become the norm.
4. Policy and Exceptions
If, as a business, you don't have a remote working cybersecurity policy yet, put one in place pronto!
Employees must be aware of the company’s Acceptable Usage Policy - they should know what is unacceptable and what activities will be treated as illegal on corporate machines and networks.
It is also important to have an ‘exceptions’ register as well as a list of things that can never be made an exception. The idea is to offer as much clarity as possible to the staff so that they don't make mistakes out of sheer negligence.
5. Managing Security Incidents Remotely
One of the perils of working from home perpetually is that people in the organisation start to become complacent about reporting incidents and issues. From a visibility point of view, the support department may not know that there is ongoing suspicious activity on a particular person’s system.
To address this challenge, it is imperative that employees are regularly trained in cybersecurity best practices and are fully familiar with incident-reporting procedures. In addition, key members of the organisation, including management and technical leaders, must be familiar with the basics of incident response in case an imminent threat turns into a real attack.
Furthermore, it is also crucial that businesses start investing in regular testing of their incident response plans to ensure that when a crisis does strike, employees working from their respective locations know what to do and how to collaborate remotely to best mitigate the impact of the attack.
6. Privileged Users
IT staff and other privileged business users have to be made aware of their additional responsibilities and security expectations as they work remotely. They mustn’t use their privileged credentials for daily tasks.
Two-factor authentication has to be made compulsory for them, without any exceptions.
Taking the above steps is the ideal way to start ensuring that your employees are able to work safely from anywhere they like.
Remember: the cyber criminals are coming for you and nobody is safe! The only way to ensure the least impact on your business is to prepare, prepare, prepare. Happy Planning!