Protecting your Work From Home Workforce
There has been an increasing number of businesses asking their staff to work from home to avoid spreading of COVID-19. Some businesses already have policies and controls in place for remote and work from home staff but there are businesses that are just adapting to this paradigm. Regardless of how you are enabling your staff to work remotely, you will need to think about how you are protecting the remote workforce.
Here are the few areas you must cover to reduce the cyber risk with work from home staff.
1. Patch your systems
Whether the staff are office-based or remote this is the most important task in Cybersecurity. Keeping the systems up-to-date will reduce the risk significantly. Make sure the VPN software, drivers and all other applications in use are up-to-date. When we speak to businesses they usually have WSUS or SCCM in place for updating Microsoft applications but nothing for 3rd applications. Not to mention the above solutions mostly work only when the devices are on-site. Now you will need to think about a solution that can work for remote devices, ideally a cloud-based patch management solution.
2. Implement 2-factor authentication
2-factor authentication is the best security control to reduce the risk of unauthorised access. Whether it is for the VPN access or the application login we would highly recommend you to look at implementing 2-factor authentication.
3. Educate your staff
The unexpected has hit us without a warning. We found ourselves in massive chaos and this chaos is the perfect opportunity for criminals. The cybercriminals have been using this opportunity to exploit. There has been a massive rise in Coronavirus related phishing emails recently. The emails are in the disguise of providing information, spoofing suppliers, funding campaigns, etc.. with the aim of stealing credentials or deploying the malware on the user’s device. In this pandemic situation, we might feel the need to act on these emails than ever before. It has never been more important to train your staff. Make them aware of the these threats. Provide security awareness training to your staff. How you may ask, get in touch with us and we can show you.
4. Make sure you have detection and response is in place
Finally, Enable logging and monitoring of the events happening on the end-user device. Make sure you have an incident response and recovery plan in place.
FOR LATEST UPDATES SUBSCRIBE HERE: