COVID-19 changed the lives of nearly everyone in the world in a matter of weeks. From work life to home life, essentially every aspect has been altered in some way. One major change that many people have had to adapt to is working from home. Transitioning a workforce from an office to a completely remote work environment is no easy task, and if not configured correctly, it can pose tremendous cybersecurity threats. How can you protect your business from these dangers?
Two-Factor Authentication
Two-factor authentication has become increasingly popular as cybercriminals become savvier and password-hungry. Two-factor authentication requires users to log in with not one, but two identifiers or “factors.” For example, when you log in, it may have you enter your password and then ask you to enter a code sent to your verified phone or email. Other times, applications such as Google Authenticator can be used as the second factor of authenticity. These create time-based, one-time passcodes to authenticate users. Make sure any service that employees require for remote work, such as Office 365 or email, has two-factor authentication enabled.
Virtual Private Networks (VPN)
All users should be connected to a VPN that requires two-factor authentication to log in to the network. The company should also have a hardware firewall that you need to authenticate in order to do any remote desktop protocol. If end-users need to be able to access any cloud services from home, rather than opening them up to the world, require that they are logging in from the company’s network or are using a VPN.
Anti-Virus Suite
Any computers that workers are using at home should be running an anti-virus suite just like their office machines were. These protect against malicious software, viruses, and any other potentially harmful spyware or ransomware.
Employee Training
All users should receive some level of training prior to working remotely to ensure that they understand the dangers of the scammers out there in the IT world, as well as how to avoid putting the company in danger. For example, no one from Microsoft is going to be calling you to provide support. You should only be answering calls from people from your own IT department.
Safe File Backups
If users are going to be creating files on their home computers or laptops, make sure they have a secure location where file back-up takes place in an automated fashion. Without effective backups in place, data may be lost or subject to ransomware. If you find yourself in a situation where you need data recovered for any reason, there are a number of data recovery specialists that can get that data back for you at a reasonable cost.
While it may be easier to skip these extra precautions and get the job done faster, this can lead to much more damage further down the road. In order to ensure the security of your business during these trying times, be sure to take the extra steps needed so you come out on the other side of this pandemic as quickly and securely as possible.
Editor’s note: For more resources from ISACA related to the COVID-19 pandemic, visit our Navigating COVID-19 page.