A CISO’s Guide to Secure Remote Work
How to Ensure security while your Workforce is Remote
Due to the recent COVID-19 outbreak, many people are now working from home for the first time. With this new reality, organizations need to take additional security precautions to ensure such a drastic operational shift doesn’t introduce new security risks to the business.
Many of the cybersecurity experts at MindPoint Group are already accustomed to working from home while protecting highly targeted environments. Here are some tips we have on reducing security threats that may arise from the increase of remote work.
Document remote work policies.
If remote work is new to your team, start by documenting your security best practices and procedures to ensure your employees have a go-to resource when setting up their home office. This will also illuminate gaps in existing security policies that, to this point, flew under the radar.
Educate employees on social engineering.
Part of documenting your policies should include educational resources and routine testing on social engineering. Social engineering includes things like baiting, phishing, spear phishing, and pretexting. These types of attacks are used to gain access to sensitive data, and typically increase during high profile events and when an employee is remote. Make sure your teams know what to look for so they can report any threats that come their way. Many companies have seen success by simulating these attacks and leveraging them as an additional training and testing resource for employees.
Multi-factor authentication helps provide an additional layer of protection for your employees. Even if passwords or credentials become compromised, multi-factor authentication will help to stop attackers from gaining a foothold within your organization.
Make sure you are using VPN connections.
Hopefully, a VPN is part of your existing security posture. Virtual Private Networks allow employees to transfer files and share data securely, even on a public WIFI network. However, VPNs don’t work if your employees are not using them. Make sure to highlight the importance of VPNs in your security documentation.
Change your WIFI password.
With everyone working from home, there’s a chance that neighbors, friends, etc. have been on your WIFI network. Be sure to encourage employees to cycle their WIFI passwords just in case there are unwanted guests on the network.
Install updates regularly.
Be sure that your employees are regularly installing software updates, even while they are remote. These updates often include security patches that you don’t want to be without. Larger updates should be sent out via email communication to ensure that employees are not only installing these updates but doing so correctly.
Need help with a larger security strategy for your remote teams? Contact us to get more help from the trusted cybersecurity experts.