Many organizations now have highly distributed work environments with their workforce operating from their homes. It’s important to make sure that these new architectures are evaluated to ensure they are still adequately protected with appropriate security technologies.
Examples:
Where possible, implement preventive and detective safeguards as needed and based on the situation. This can include phishing technology for people working remotely, adequate and secure communication technology, or centralized security logging and monitoring safeguards that receive these logs from the entire new environment.
Many cyber security teams were shorthanded before COVID-19 and have multiple single points of failure. Current events could lead to even more key team members becoming unavailable.
Examples:
You only have one person that knows the passwords to your vulnerability management platform, how to operate it, or otherwise perform vulnerability management activities. If this team member were gone, you would be unable to get this information to maintain this cyber service for your business.
It’s common for cyber-attacks to increase during times like these where organizations are not operating at full capacity with normal operation protocol or is under significant stress.
Examples:
We will see increases in phishing attacks associated with COVID-19, especially as workforce may be working from home on systems that may have fewer preventive safeguards on them.
Many organizations now have highly distributed work environments with their workforce operating from their homes. It’s important to make sure that these new architectures are evaluated to ensure they are still adequately protected with appropriate security technologies.
Examples:
Where possible, implement preventive and detective safeguards as needed and based on the situation. This can include phishing technology for people working remotely, adequate and secure communication technology, or centralized security logging and monitoring safeguards that receive these logs from the entire new environment.
It’s important to secure the parts of your workforce that are working from home or offsite.
Examples:
Many home environments are not adequately secured including computers that are not adequately patched, inadequate anti-virus, as well as multiple vulnerable devices on their home network.
Read your company’s security policy and direction while working from home.
Only use company approved connectivity technologies (VPNs, collaboration technologies, cloud solutions, etc).
Always ask your security team for help if you are unsure of what you should do in a specific cyber-related situation.
Make sure you use different and complex passwords for every account you own.
Where possible, try to use multifactor authentication on your accounts.
Use a password manager to store your passwords such as Lastpass.
Do not leave laptops or devices unprotected at any time.
Do not leave laptops or valuables visible in your car at any time.
Only use wifi connections you trust.
Only use company supplied machines for work activities whenever possible.
Try and limit personal activities on work machines and vice versa.
Make sure any computer you use is adequately patched and running updated anti-virus software before use.
Cyber attackers will take advantage of the current landscape. Be mindful and think twice before you click, provide information, or act online or over the phone as cyber-attackers look to take advantage of this unrest.
Be cautious of children or the elderly who are also susceptible to these types of attacks and may not be as cyber savvy.
If you do feel you have clicked on an email or made a mistake, report it to your security team as soon as possible.
Use complex and unique passwords for devices connected to your home.
Make sure that all the firmware and patch updates are applied and current on all connected devices on your network.
Disconnect any old devices connected to your network that you no longer use.
