Best practices: Maintaining cybersecurity remotely
COVID-19 has quickly changed the way large and small companies in the Chicago area and elsewhere carry out their business. One of the biggest adjustments companies have had to manage is the shift to a remote workforce, as most businesses with the capability to move workers to teleworking arrangements have done so.
Unfortunately, this major rise in the number of remote workers is creating more opportunities for cybercriminals. Phishing attempts are on the rise. Cybercriminals are exploiting the anxiety through social engineering, sending spoofed emails that purport to come either from internal stakeholders, with information about workplace changes or coronavirus response efforts, or from external organizations like the World Health Organization, with news or information about COVID-19.
Good cyber hygiene habits can help prevent an attack from causing damage, even with an elevated threat level. Here are a few strategies to help you stay secure:
Educate your team: Education is key to addressing the human element of cybersecurity. Raising user awareness of cyber dangers should be a priority for all businesses. Cybersecurity training is most effective as an ongoing effort, ideally combining in-person sessions, online courses, and awareness campaigns with email reminders and posters.
Topics to cover should include the following:
• Identify and avoid suspicious emails.
• Set and enforce strong password policies.
• Set browsers to warn users when visiting a site that has been flagged as containing malware.
• Block downloads from suspicious or unsanctioned sources.
• Prohibit users from sharing company-owned laptops and mobile devices.
• Teach users not to access sensitive company data through public Wi-Fi networks.
Enact common sense policies: Technology alone cannot guarantee the security of a company's data. User education must be supported by common sense policies.
Security policies are multidimensional. Password policies are a good starting point, but businesses also need to address who gets access to which systems. Employees should be granted permission only to those systems they need to do their jobs. Businesses also need rules on whether employees can use their own mobile devices for work. If so, those devices need to be monitored, secured with endpoint protection, encryption and -- in case of loss or theft -- wipe capability.
Set a strategy: End users are often the weak points that enable cybersecurity breaches, but educating your employees is only part of the battle. Understanding the threats and what cybercriminals are after is essential to building strong cybersecurity defenses. In addition to user education, here are some other essential components of a comprehensive cybersecurity strategy that will grow with you:
• Implement advanced tools: Businesses need a multilayered approach to cybersecurity and should consider implementing a combination of tools that includes an anti-virus program, firewall and network security solutions that proactively protect all devices connected to your network.
• Invest in expertise: It's hard to have a full grasp of cybersecurity without expert help. For smaller companies, working with a managed security services provider (MSSP) is the best bet, though even businesses with in-house experts can benefit from tapping a provider.
• Secure mobile devices: As computing becomes more mobile and cloud-based, companies should include mobile devices in their security strategies or risk leaving a door open to cyberattackers.
Jeff Cobb is regional vice president of Comcast Business.