Across the region, many businesses have made adjustments to allow for remote work amid the COVID-19 pandemic. As many companies continue to operate remotely and businesses build out teleworking capabilities to support remote operations, an unintentional consequence has occurred – cyberattacks are on the rise. In fact, cybercriminals are attacking at a growing rate and on a bigger scale by exploiting vulnerabilities in the current remote work environment.
There are a few reasons why this environment is prone to cyber threats. First, as more employees work from home and children learn from home as well, local residents are spending more time on their home networks. Second, it has never been easier to purchase malicious software on the internet and launch an attack. And third, many IT teams lack significant visibility into employee activities and network threats. Together, these factors mean no business is immune from cyberattacks. In fact, every organization, regardless of size or industry, is at greater risk.
To prevent malicious attacks or lasting damage, businesses must combine specific measures with the right cybersecurity technology solutions. Here are a few best practices organizations should follow to keep their business secure.
Develop a strategy based on worst-case scenarios
Understanding the threat landscape and cybercriminals’ goals is important when developing a comprehensive cybersecurity strategy. But as cybercriminals continually evolve their approach, it’s just as important to consider what you aren’t thinking of or where there could be security gaps in your current system.
This is exactly what Bryan Persing, Director of IT for Herbert, Rowland & Grubic Inc. – a Harrisburg-based civil engineering firm – took into consideration. As he was learning more about the uptick in phishing attempts and malicious attacks amid the COVID-19 pandemic, he realized the need for a strategy that addressed worst-case scenarios. As a result, he made the decision to implement a DDoS (Distributed Denial of Service) solution to address potential security-related issues.
In addition to developing a worst-case scenario strategy, here are a few other essential components of a comprehensive cybersecurity approach:
- Implement advanced tools. Because cyberattacks have become increasingly sophisticated and diverse, businesses must take a multi-layered approach. First, assess your network’s strengths and weaknesses, then implement the right combination of tools that work best for your needs. This could include an antivirus program, multifactor authentication for employees or network security to proactively protect devices that connect to your network.
- Invest in expertise. The cyberthreat landscape will only continue to evolve, so it’s important to have experts in your corner to help ensure that your tools cover the full scope of the potential threats to your business. Small to medium-sized businesses should consider investing in a managed security services provider (MSSP), but even businesses with in-house cybersecurity teams can benefit from collaborating with an outside provider.
- Secure personal devices. As more business is done remotely, mobile devices and cloud-based platforms are now essential work tools. Because these are used and accessed outside of the protection of your business network, be sure to include these platforms in your security strategies. Otherwise, you run the risk of leaving an opening to cyber attackers.
- Continuously conduct stress tests on your network. You shouldn’t wait for an actual attack to learn whether your cybersecurity system is in place. Consider creating fake phishing schemes to test your employees or running cyberattack scenarios with your IT team to ensure you’re prepared.
Provide education and resources to employees on cybersecurity best practices
Even with state-of-the-art cybersecurity software to protect data, these solutions are only as effective as the individuals using them. Therefore, it’s important employees are provided with resources and proper education to help complement the tools. During this time of remote work, employers should consider a mixed approach of online courses, awareness campaigns and email reminders on how to:
- Identify and avoid suspicious emails. This will help employees avoid phishing attempts with URLs or attachments programmed to download malware into a network.
- Set and enforce strong password policies. Teach employees to come up with strong passwords or passphrases, enforce policies to change passwords frequently and prohibit password sharing.
- Set browsers to warn users when visiting a site that has been flagged as containing malware.
- Block downloads from suspicious or unsanctioned sources.
- Prohibit users from sharing company-owned laptops and mobile devices.
- Teach users not to access sensitive company data through public WiFi networks.
Enforce company-wide “Common Sense” policies
“Common sense” cybersecurity policies help take employee education a step further. These are designed to reinforce the training that employees have been given and help them avoid bad habits that could lead to breaches.
While these policies should be multidimensional and can vary from business to business, password update policies are typically a good place to begin. In addition, it is important to think about who gets access to what systems and which devices can be used to access systems. For instance, if your business works with contractors, consider how you will authenticate their network access and protect their devices. And, if you allow employees to use personal devices for work, ensure you monitor, protect, encrypt and wipe these devices when necessary.
As employees continue to adapt to new work environments, the unfortunate reality is that businesses increasingly face the threat of cyberattacks. Through a combination of the right technology solutions and the implementation of cybersecurity best practices, businesses will be in a better position to protect their employees, assets, and customers from cybercriminals.