Company Security has not changed......
Just the location of your Employee has.
The COVID-19 or Coronavirus pandemic has had a dramatic impact on businesses. In most businesses, employees are being directed to implement mandatory work-from-home protocols. Fortunately, we live in a world where most people have good enough internet access and we have the technology to work remotely in many cases with limited disruption. However, the sudden spike in remote workers resulting from the Coronavirus response poses some unique security risks for companies as well. Especially, small and medium businesses that do not have the budget for a lot of the toys that larger companies use to prevent attacks.
Your Network has Expanded
Companies were already trying to figure out the complexity of a hybrid and cloud environment, while at the same time, maintaining visibility and effective cybersecurity for a workforce suddenly working from home. This is causing an increase in the number of users connecting to company networks and accessing sensitive data from home computers over the public internet.
As the number of people logging in remotely or connecting to cloud-based SaaS (software-as-a-service) applications rises, the attack surface expands. Companies all of a sudden have and increase in who is connecting to their network from the outside versus the inside. This is increasing the complexity of the network and the ability to ensure security.
The bad guys trying to hack your network are not slowing down due to the COVID-19 pandemic. Instead, they are looking to take advantage of how quick we moved form the office to home and hoping to take advantage of security mistakes made by moving so fast. They have increased odds of getting through a home network that accesses the business network in this situation.
What to Do
The key is to enforce good security practices and training. If you did not use them before, then now is a good time to implement.
Here are a few basic security precautions your users should take as they work from home:
- Multi-factor Authorization (MFA) – This is one of the most important tools to ensure security. If your employee does click a phishing email, they will be alerted on their phone that someone is attempting to access their account. This will stop that access since the cyber criminal will not get the secure code.
- Employee Security Training – Now is a good time to utilize this platform. It is relatively cheap, and you train your employees what happens when a phishing link is clicked and how to recognize what these emails look like.
- Remind your employees to be suspicious of emails from unknown sources and to not open file attachments or click on links. Reinforce the fact that cybercriminals will seek to take advantage of the current environment of working from home and make sure employees know to exercise extreme caution with any email that asks for credentials or other sensitive information.
- Make sure that computers—whether company-issued laptops or personal home PCs—are patched and updated against the latest threats.
- Verify that the devices used to connect to network resources or access company data have endpoint protection or at the very least, anti-virus.
- Emphasize to employees the importance of being positive that their home Wi-Fi router is not using the default password, and that they should use a unique password for connecting to the Wi-Fi network. If it has been years since you changed your Wi-Fi or router password, it needs to be changed now.
- Be sure employees connect to the company network and sensitive data through secure means, such as a VPN (virtual private network) connection and remind them to store data on company-sanctioned cloud storage platforms.
Keystone Solutions has several options that ensure this level of security.
As stated, company security has not changed. Just the location of your employee has.
Stay Safe. Keystone Solutions