If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work. At present, 1 in 3 Americans are being asked to stay at home and, for some, work from home, including the entire Ostendio team. In addition to practical ramifications including family distractions, there is a lesser-known side effect of this new reality: Hackers are working harder than ever to take advantage of new weaknesses in your security.
If this is your first time managing a larger remote team you have probably done the basics already of making sure they have the right equipment and access needed to work effectively but when it comes to security while working from home we shouldn’t be complacent. Working remotely has its benefits but it also has some challenges.
While you are working remotely, or managing a team that is working remotely, keep these points in mind:
1. Train employees to avoid malware and phishing.
In Italy, they have already seen a significant increase in the number of phishing attacks and malware related to the coronavirus. Remember to use best practices when you decide whether to click on a link or not. The criminals who send these scam emails are preying on your emotions around COVID-19 and have started using this virus as a topic to entice people to click malware links. If you are running a team of employees working from home, consider asking them to review security training for this purpose.
2. Check the security of all networks.
Remind employees to keep their home network secure by making it password protected so that only approved users in the household have access. Don’t use public WiFi which has no security measures in place and makes data vulnerable to hackers. When possible use a Virtual Private Network connection, also known as a VPN, to protect your traffic from being spied on. Many endpoint protection software providers add this on to their service offering. Check with your IT department to see if they have this capability.
3. Enable multi-factor authentication on email accounts.
This is a simple but effective way to protect email accounts from hackers. Using MFA (multi factor authentication) decreases your reliance on passwords alone which are often easily hacked.
4. Use strong passwords.
I regularly remind customers and employees about this simple action item, so now is a good time to reinforce this message with your remote workers. Try using a memorable phrase for a password rather than a single word and never write them down. Include numbers and special characters to increase the complexity of your password. We’ve offered advice in the past about passwords so take the time to make sure your team is following best practices.
5. Update virus protection on employees’ laptops.
Protect your company data by running the latest versions of all the programs you use. The patches and updates that are issued on a regular basis often contain security updates that will protect your team while working from home. Hopefully team members are able to use a laptop or device that belongs to your organization. Do not use home equipment to access work related systems unless that’s your only option as personal equipment might not have up to date security programs in place and leave your network vulnerable to attack.
6. Make sure your network is ready for increased capacity.
With more remote workers there is an obvious increased load on networks and systems. Make sure your network can handle the increased capacity. Don’t forget that hackers know that IT departments are working hard to allow an increased number of people access the systems they need so use extra caution when adding users and don’t forget to follow security protocols.
7. Update your corporate cybersecurity policy.
Your organization should have a cybersecurity policy that outlines the corporate standards of behavior for using your networks, authentication etc. Make sure this is up to date with regards to an increased number of work from home employees. This policy will include access management, access to documentation, use of personal devices and data privacy considerations.
Finally, one personal tip for managing a remote team is to continue a solid workplace culture by agreeing on a web conferencing platform to use so that team members can still see each other during meetings. (Hint: many are offering free services at this time!) By maintaining face-to-face communications at Ostendio, even if done via web conferencing, we have more of an office feel and remote employees feel less isolated.
If we use these tips to beat the hackers during this COVID-19 outbreak, perhaps there will be a positive to take away from working from home. Afterall, many people value a job where they can work from home and this prolonged period of remote work may very well cause a shift in the way companies approach remote workers in the future. The key to managing a remote team as a COO, CISO or IT department is the ability to execute it securely and efficiently. By following these simple tips for remote work we will all hopefully learn to adapt to a secure new way of working.
Ostendio is offering free Business Continuity consultations with its customers at this time. If you need help with your Business Continuity planning due to an increased number of remote employees Ostendio can help.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.
Avoiding the Hidden Pitfalls of Security Audits
In this webinar, see the 5 most common pitfalls of security audits and learn how you can avoid them with the power of MyVCM CrossWalk Assessments.