Almost one year has passed since COVID-19 changed our daily lives, from how we interact with friends and family to how we conduct our daily work efforts. Over this time, we have found that the move to a more remote workforce has also brought some undesired security consequences. Most organizations were forced to rapidly transition to a remote business model that they may not have been prepared to move into. Information Technology (IT) Departments deployed remote capabilities so their workforce could continue to operate, all while dismissing security controls that they would otherwise be sensitive to applying before these capabilities were deployed.
Now we find ourselves trying to close the gaps that were ignored during deployment. And some organizations are finding it difficult to bake security into a remote workforce process that has been established for months now.
As a result, organizations are finding that they will need to roll back certain deployments and redeploy with the appropriate security controls or deploy a new solution and process. Either way, it is a necessary process since security incidents are on the rise with a larger portion of the workforce working remotely.
Approximately, 42% of the workforce is working remotely. With this increase of remote employees, cybersecurity threats and scams are on the rise. Organizations must change their approach to how they protect their infrastructure and their workforce. As the Washington Post reported, global losses have already reached almost $1 trillion. Not only this but as of February 2021, the Department of Homeland Security reported about 80,000 website domains used to falsely sell COVID-19 vaccines. These websites were found to collect sensitive information from individuals, from Personal Information to Credit Card Numbers.
Organizations must keep moving forward with developing a proper security program to counter these threats.
Here are 10 ways to protect your organization and its employees:
1. Security Policies. Update your security policies so they are current and relevant to the new, remote landscape.
2. Incident Response Plans. Ensure your Incident Response plans are developed properly, tested, and ready to execute.
3. Cyber Awareness Training. Make sure to properly educate your employees on the common ways threats can attempt to gain access to their system and teach them ways to mitigate these threats. We recommend providing a regular security quiz with your entire workforce.
4. Send Security Alerts. Have your team monitor the latest security news and update your employees on new threats. For example, your employees should be aware of the COVID-19 vaccine website scams.
5. Properly Segment Networks. As more employees are remote, make sure they cannot access sensitive areas of the network while connected is crucial. This can help isolate and contain infections if one does occur.
6. Data Loss Protection (DLP). Understanding the traffic and data flow of your environment is crucial. Once you do, you can control data flow and protect from potential loss before the data leaves.
7. Intrusion Detection & Protection. If you understand your nodes and data flow, you will now be able to alert and potentially block malicious access.
8. Logging & Alerting. Having the ability to properly log incidents and alert on them is critical in preventing a potentially disastrous situation from getting worse. If you are not aware that an incident has occurred, how can you react to it?
9. Multifactor Authentication. This adds an additional step to the authentication process of accessing your infrastructure. It is typically a username and password with the second step of using a pin.
10. Patching. One of the most underrated tasks of organizations. This is by far the one thing that could prevent a breach or back door from occurring since most attackers look for flaws in code to take advantage of. Having a proper patch management program in place is critical.
As the threat of attacks increase, everyone must be vigilant in protecting their organization and their assets. Implementing these steps at the enterprise and the endpoints should help with addressing the most common security risks facing our workforce. Keep in mind—nothing here is static. Security is a fluid process and these processes should be tested for their effectiveness.
If you have questions about cybersecurity and how to safeguard your organization, contact us. Slate Enclave is the trusted partner for custom security solutions, tailored to your business. Our team performs audits for organizations to determine where their security systems are deficient and how to mitigate these deficiencies.