The coronavirus crisis has left IT departments scrambling to support a remote workforce. One of the biggest concerns is enterprise security when the workers are not in-house. To add even more urgency to protecting workers, cyber attacks are increasing as hackers try to exploit the vulnerabilities inherent in a distributed work force. Here are nine key things to keep in mind when trying to secure your company's assets against cyber attacks.
- Decide whether employees can use their own devices or be restricted to company-supplied hardware. If possible, provide workers with consistent, secure hardware and software that can be managed as part of a best-practices IT strategy. This way, IT can roll out software updates and security patches to all machines, ensuring they aren't a gateway for hackers.
- Your overall security strategy must include not only endpoint security, but also VPN service security, and an identity management solution to control access to your systems.
- Have a cloud-based backup and disaster recovery solution in place to prevent data loss and ensure business continuity.
- Enforce strict password requirements to ensure they are of sufficient length and complexity. Require users to change them every 3 months or so. Also require two-factor authentication on employee machines.
- Further protect company assets by using a roles-based access management solution to ensure only people with specific roles within the company have access to certain data.
- Use strong encryption to protect your data, no matter where it is or how it's being used.
- Train users on how to detect fraud, phishing attempts, suspicious emails and vulnerabilities. Awareness, education, and security drills are important weapons for arming your workforce against these increasingly frequent attacks.
- As companies conduct more of their meetings virtually, it's important to choose a secure platform with robust data and file-sharing capabilities. Keep a transcript and store it securely as a record of the meeting notes.
- Create guidelines for how employees contact and interact with the IT department from a remote environment. Create a specific plan of action for reporting a threat or incident so that it can be acted on in order of severity.
These are truly uncertain times and it's difficult to know what the future holds in the short or long term. IT departments that may have only supported a few remote workers are suddenly forced to support the needs of a wholly distributed workforce. It's not business as usual, but because of the agility of IT departments and third-party IT providers, businesses can still perform many of their crucial operations during these challenging times.
To learn more, contact a service such as amnet.net.