This is the first in a series of solutions that CyGov will be providing in order to help organizations best manage these atypical conditions. Here are the initial basic steps organizations can take to stay safe.
In times of uncertainty and fear, an unprecedented number of people have begun to work from home. Our job as a cyber-security risk-management platform is to help people—wherever they work—do so as productively and safely as possible. With normal business practices disrupted and employees and partners scattered to remote work-spaces, this presents new opportunities for data breaches and critical losses.
1. Basic protection: An enterprise level antivirus solution should be installed on all systems and devices (e.g. servers, laptops, desktops, mobile devices):
Ensure that anyone who connects to the business network uses a VPN.Make sure the office and all endpoints are secure, patched, and up-to-date with cyber-security programs, and that the systems will only run authorized applications.
Assure that users get as many security updates as possible automatically.
Enforce Multi-factor authentication Follow best practices for strong passwords and use a password manager.
2. Ensure that full-device encryption is activated to protect any data on devices that might get stolen. For example, BitLocker, a powerful encryption solution can also encrypt removable USB drives, is a solution for Windows 10.
3. Ensure continuity of operations plans or business continuity plans are up to date. Update incident response plans to consider workforce changes in a distributed environment.
4. Optimize behavioral analytics tools for detecting suspicious activity for admins and those who handle critical data. Consider requiring remote staff to access legacy apps and services through a virtual desktop environment. Test the virtual desktop environment to ensure the user experience is as needed.
5. Increase awareness of information technology support mechanisms for employees who work remotely.
6. Instruct employees on how to access and use remote support tools. These tools enable IT teams to solve their colleagues’ work-from-home problems without being physically present.
7. Test remote access solutions—make sure they function properly at increased capacity.
8. If you’ve set up automatic updating for your users, make sure you also have a way to check that it’s working. This security software will produce warnings, so make sure you review those warnings—and let your users know what they mean and what you expect them to do.
9. Ensure employees and partners can report security issues quickly and easily. Teach them only to reach out to you for cybersecurity assistance by using specified secure methods.
Additional Guidance: • Organizations with a high cloud adoption tend to be the most adaptable for remote work. • Several tech firms, including Google and Cisco, have begun to offer their collaboration tools for free as companies around the world quickly implement work-from-home policies and conferences are cancelled. • Remember that if you do suffer a data breach, such as a stolen laptop, you may need to disclose the fact to the data protection regulator in your country. These are the first and basic steps any organization must take to ensure that the increasing number of employees working from home do so safely.
Empowering Cyber Risk Management
4701 Sangamore Road, Ste 100N Bethesda, MD 2081 212-655-3023 firstname.lastname@example.org