Due to the COVID-19 outbreak, companies across the globe have been forced to ask their employees to work from home (WFH). It had to be enforced very quickly with the threat of lockdown looming large. IT teams had to work overtime to get the laptops and the required enterprise software in place to empower employees to work remotely. Did this hasty implementation of WFH leave IT teams too little time to prepare for aspects such as the security of systems and data and the threat of unauthorised access to the organization through employees' laptops?
It may seem so, because hackers are having a field day and the number of reported cyberattacks has gone up by more than four times since the COVID-19 enforced WFH has been implemented at scale.
What must organizations do?
It is imperative for organizations to ensure secure VPN connections and use proper protocols for remote operations, communication, transfer of data and access control. The mandate is to ensure that the productivity of employees remains seamless while the enterprise applications, systems, and the data in them are safeguarded. Employees need to play their part by adhering strictly to the basic guidelines shared by the organization. It is like the efforts of our government and its diktat that we must all follow to ensure that we can successfully overcome COVID-19.
Industry Best Practices
I would like to leave you with a few best practices to secure your enterprise systems and data. You may have already implemented some, but it would be good to evaluate each practice and implement the learnings across your organization if necessary.
Best Practices for Employees During WFH:
- Ensure you have a fully updated, licensed anti-virus in place
- Beware of phishing: always double-check the e-mail sender’s address and do not click on any link sent by unknown people
- Report suspicious emails to IT/Cybersecurity team
- Use strong passwords (long passwords with multiple character types) and change them as per the organization’s defined policy
- Be cautious of shoulder-surfing attempts while entering passwords
- Refrain from using the save/remember password option
- Do not share your password or any other authentication details with anyone
- Do not use USB drives that have not been provided by your IT team
- Do not install any unverified software
- Do not use a remote desktop service unless absolutely required
- Ensure you are using a secure Wi-Fi connection and not a public Wi-Fi
- Regularly install updates/patches for programs and operating systems
- Ensure that virtual meetings held via freely available applications/tools are protected with a password
- Avoid forwarding corporate emails to your personal mailbox
- Regularly back-up all the important files.
Best Practices for Organizations During WFH:
- Publish and communicate the organisation’s policy/guidelines relating to internet access.
- Provide employees with a VPN to connect to corporate systems or remotely access their work machines that remain on-premises.
- Avoid having employees save work documents on their personal machines; utilize secure cloud solutions.
- Implement a zero trust architecture (ZTA) to maintain stringent access controls
- Push critical updates relating to the operating system and other applications
- Review password policies and ensure they are strong enough
- Review and revise screen auto-lockout duration
- Provide tried-and-tested collaboration tools to facilitate remote meetings and inform employees about them
- Ensure a constantly available and easily accessible IT and security support desk
- Conduct periodic awareness sessions for employees to brief them about the best Cybersecurity practices
COVID-19 has already impacted businesses around the globe, and the last thing any organization would want now is a cyberattack. Protecting your business from hackers is extremely important during the current crisis, and the above practices may help you mitigate this risk to a great extent.