With most of the world’s workforce moving to remote working mode over recent months, their organizations have scrambled to give them access to company networks. One side effect of this rapid change has been many businesses becoming more vulnerable to new digital threats, as well as outright attacks on their intellectual property and other sensitive information.
These vulnerabilities have arisen as a result of:
- changes being made too quickly, without the business leaders having adequate time to assess and understand potential risks
- technical team leads making sub-par risk assessments on the assumption that “things will be back to normal soon”, and minimising the threat
- using risk assessment results from past scenarios as a basis for making decisions in the current situation.
The reality is that several countries are still operating in lockdown, especially now with a second wave of infections hitting locations around the globe. This means the remote work model is going to be with us for the foreseeable future and we need to be sure cybersecurity ranks highly in our business continuity plans.
Fortifying your defences
Prioritze your business’s efforts on reducing risks to your network infrastructure and protecting your key services. Here are a few different security measures you might consider.
- Boost your end-point defences. With your teams working remotely, and most likely using their own devices and connections to access your systems, your network could be open to intruders. Boosting your end-point security means you can protect your network from phishing attacks. Plus, adding end-point defences in your network can:
- boost email security by blocking spam
- scan emails for malicious attachments and URLs
- block connections to malicious sites
- block malicious files and behaviours.
- Include multi-factor authentication. This provides an added layer of user verification in your access protocols for sensitive files and systems, and is especially important for users who frequently need to access important files and data storage locations. Strong authentication makes tougher for intruders to break in to your systems and access your data.
- Review administrative privileges. Make sure those with administrator access to your systems and applications are only those people who need it. Review your systems’ access privileges regularly to make sure users have access only to the resources they need to do their job. If you’ve given users temporary access to a resource, put proactive measures in place to review their access at the end of the agreed period. Resourceful intruders can take advantage of forgotten permissions to gain full access to your systems and data.
- Use recommended systems only. It’s important that everyone in your team be on the same page when it comes to which applications and cloud data storage accounts they should use when they’re working remotely. Make it clear which platforms your organization uses, and give staff a secure way to connect with these applications and accounts. As part of this, establish a company policy that no staff are permitted to share company information across their personal accounts.
- Hold awareness training. Going to the trouble of implementing robust security measures without training your team on the why’s and wherefores will defeat your purpose. Remember, working remotely is as new to your team as it is to you, and it’s important to help them understand that the cybersecurity measures they use at home will be a lot different than what they have (but may be unaware of) at work. Training will help them better understand the need for good enterprise security, and the risks to the business (and potentially their jobs) if something goes wrong.
Cybersecurity Management Process
Way We Do’s Cybersecurity Management Process covers several areas you’ll need to assess when reviewing your cybersecurity risks.
- Review your current IT strategy to see where you’re still on track and where you need to make any revisions. This includes evaluating your risk register, and where applicable, carrying out a further risk assessment.
- Review your equipment for what pieces need maintenance and what you should retire.
- Review your current hardware and software and identify what needs updating, testing, installing and uninstalling.
- Review users’ access to identify who needs access to what, whose access should be revoked, and any users who need to be completely removed.
- Review your Business Continuity and Disaster Recovery Plans, your Communication Plan (including Crisis Communication and Internal Communication), and any associated next steps you may need to take with your vendors.
- Review your internal policies and procedures to identify what needs to change to accommodate the current business environment.
- Review employee training programs to ensure your staff are all up to date and fully aware of any risks, and understand how to use any new software and hardware.
Way We Do’s Cybersecurity Management Process will also give you insights into how your team handles these sorts of issues, along with the potential risks you’ve identified from your risk assessment and risk register review. Completing this process regularly also demonstrates to your team your commitment as a leader to maintaining effective cybersecurity controls, and to providing them with the resources they need to support those controls.
Whatever the size of your business, whatever the market conditions or circumstances, as a business leader, you should always keep your IT strategy current, monitor your business environment, and maintain your legislative compliance. Hackers have already taken advantage of vulnerabilities that have come about as a result of the pandemic. But with strong measures in place, you can protect your business now, and into the future.