Cybersecurity Tips for Going Remote
Have you moved your company workstations home? Working from home is not the safest practice from a cybersecurity point of view.
Being under quarantine, told to “shelter in place” or simply stay home will reduce the chance of COVID-19 infection, but it will increase the chances of cyber-virus infection. Hackers know this, and they will be working overtime to use the pandemic to their advantage.
We’d like to share some must-know recommendations for company owners and their team members (set forth by ENISA) on how to keep your business cyber-healthy during this turbulent period:
1. Phishing Protection.
Beware of a new wave of phishing attacks exploiting the general disturbance around the coronavirus. Make sure you and your team members do not click on links in emails from unknown senders and do not open any attachments. Here are some anti-phishing tools you may use to stay protected: Mimecast, PhishFort, Zimperium, GeoTrust, Google Safe Browsing and the Mozilla Thunderbird email client.
Instruct everyone to be suspicious of emails asking them to change or update their credentials. Attackers sometimes pretend to be your banker or a tax official to scam you out of sensitive information.
3. Unauthorized Access.
Check that your personnel take measures to prevent any unauthorized access to their home workstations (including by family members): lock the desktop, log off from systems that are not in use, etc.
4. Internet Connection.
Guide your staff on how to properly secure the home WiFi network by setting a strong router password, enabling encryption with the WEP or WPA2 method (WPA2 is the one to prefer, as WEP is easily cracked) and securing it with a passphrase. In addition, be sure they set access restrictions so the network is only available to the MAC addresses of specific devices. They may also reduce the router signal range and make sure their router’s firmware is updated to the latest version. A secure connection to the work environment can be ensured through a Virtual Private Network (VPN) used only by your employees.
5. Network Services.
Your corporate network services should not be exposed to the network unless the current job requires it. This includes file transfer protocols (FTP, SMB, HTTP, etc.) and all kinds of remote access (VNC, RDP, TeamViewer, etc.). Most of the time, turning the firewall on and selecting guest mode will do the job if set up correctly, but you might look for more sophisticated tools like dedicated endpoint protection suites from leading providers (BitDefender, Symantec, ESET, etc.).
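One way to check a home workstation against this item, as an added example (not from the original article or from ENISA): the Python code below reads the text output of `netstat -an` from Windows or macOS and reports listeners for the protocols named above that are bound to a non-loopback address. The port numbers are the protocols' standard defaults, the function names are hypothetical, the sample output is constructed, and TeamViewer is not covered.

```python
# Standard default ports for the protocols the article names (assumption:
# the services run on their default ports).
RISKY_PORTS = {21: "FTP", 80: "HTTP", 139: "SMB", 445: "SMB",
               3389: "RDP", 5900: "VNC"}

def _local_endpoint(tokens):
    """Return (host, port) for a listening TCP socket line, else None."""
    if len(tokens) >= 4 and tokens[0] == "TCP" and "LISTENING" in tokens:
        host, _, port = tokens[1].rpartition(":")   # Windows: 0.0.0.0:3389
    elif (len(tokens) >= 6 and tokens[0].startswith("tcp")
          and tokens[-1] == "LISTEN"):
        host, _, port = tokens[3].rpartition(".")   # macOS: *.5900
    else:
        return None                                 # header or non-listener
    return (host, int(port)) if port.isdigit() else None

def exposed_services(netstat_text):
    """List (service, bind address, port) reachable from the network."""
    findings = []
    for line in netstat_text.splitlines():
        endpoint = _local_endpoint(line.split())
        if endpoint is None:
            continue
        host, port = endpoint
        # A loopback-only listener cannot be reached from other machines.
        loopback = host.startswith("127.") or host in ("::1", "[::1]")
        if port in RISKY_PORTS and not loopback:
            findings.append((RISKY_PORTS[port], host, port))
    return findings

# Constructed sample output, not captured from a real machine.
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
"""
SAMPLE_MACOS = """\
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  *.21                   *.*                    LISTEN
"""

if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_MACOS):
        for service, host, port in exposed_services(sample):
            print(f"{service} is listening on {host} port {port}")
```

Anything it reports is a service to switch off or block at the firewall unless the employee's current job needs it.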
6. Password Policy.
Make sure you and your employees keep using strong passwords for all accounts, including local OS user accounts and any online services. The “remember password” feature should never be used for any work-related accounts. Using a password manager is the best practice. For macOS, using Keychain is the best solution. For Windows, you might look at online services such as LastPass.
Instruct your staff on how to install and use encryption tools, especially for accessing and sharing any sensitive information. If you are using MacBooks in your company, then use built-in FileVault to encrypt your drive. If you prefer Windows OS, you can use BitLocker.
Strongly advise your team not to use personal devices or personal cloud accounts to access any work-related resources and information. Access limitations should be strictly maintained.
10. Software Updates.
Make sure every employee’s OS and applications are up to date.
11. Response Plan.
Be ready to provide effective 24/7 IT support to quickly handle emerging issues, and have a detailed action plan at hand.
It is crucial to keep all staff members aware of the best cybersecurity practices. You can do this by mailing out recommendations to them or by conducting an all-hands meeting to provide critical information on how to stay safe and sound.
If you suspect the integrity of your system has been compromised or you need help to configure your security settings properly, don’t hesitate: Book a call with our remote cybersecurity consultants immediately. You must protect your business during these difficult times.
Stay safe and healthy!