Cybersecurity - Best Practices While Employees Work Remotely Under COVID-19
Among all of the concerns facing businesses in the COVID-19 crisis, cyber threats loom larger than ever. Predators are looking to exploit overlooked security measures within businesses under intense pressure to operate during the pandemic. Consider how many IT departments are racing to keep up with technology needs in order to support the alternative/remote solutions that many organizations have deployed. The rigid testing guidelines typically followed before the deployment of such technology may have been compressed in order to support the sudden rush of remote users that many companies experienced. It is more vital than ever to address these new risk scenarios in order to protect your organization.
Right now, organizations need to enhance and communicate their IT security policies, especially regarding security standards in the new “Distributed Organization” environment with a remote workforce. The same level of security controls that exists in an office setting needs to be managed across a distributed team. This is not so difficult to manage if employees are working on company-issued equipment, but not every company issues laptops to all employees, and some may work from a home device. Be aware that personal devices are significantly less secure than organizational ones, making them more vulnerable to a malware attack. Be sure to issue a policy on personal devices and guidance for the security standards of remote workers, if your organization has not already done so.
Employees want to stay productive but should only do so safely. If a remote worker experiences internet trouble at home and their service provider advises lowering the security settings, your policies should require them to reach out to IT, who would determine what risk that would present to your corporate data.
IT teams should:
- Ensure that multi-factor authentication is in place for 100% of employees 100% of the time.
- Ensure that employees connect to corporate networks using a secure means (e.g., a virtual private network), and store data on available encrypted network drives to avoid loss in the event of a computer virus or other malfunction.
- Ask employees to be wary of suspicious emails, downloads, USB drives or other things that could introduce malicious software onto the network. These could include spoofing and phishing attacks from hackers pretending to be IT personnel asking for credentials.
Additionally, IT teams could provide the following guidance to employees to help mitigate threats:
- Promptly install patches and updates, including to anti-virus software, to all devices on your home network.
- Check individual Wi-Fi router management software to ensure it's running the latest firmware, which can fix security flaws.
- Establish a strong password on home Wi-Fi networks that is unrelated to your work computer password.
In the past, Business Continuity and Cybersecurity risks were addressed and managed as separate disciplines. In today’s business landscape, IT risks need to be managed holistically so that threats and the ability to react and respond are integrated. Lessons learned in the initial days and weeks of the COVID-19-related crisis are validating that organizations need to be actively managing their cyber risk and continuously communicating to system users their role in maintaining a secure digital environment.
For more information please visit the Technology Services Group at Marks Paneth.