No matter how comprehensive your contingency and disaster recovery planning was pre COVID-19 it’s unlikely that your business had the foresight to plan for a global pandemic. Mass working from home is not something that many organisations had in mind when focusing on disaster recovery and contingency strategies and this has meant that the sudden rush to deploy and scale remote access across businesses has often felt chaotic. It has also created opportunities for those keen to exploit vulnerabilities in security that have resulted from this sudden shift, which has made ensuring cybersecurity is maintained for staff who are working from home even more important.
Taking steps to maintain cybersecurity during times of remote working
- Provide remote access in the most secure way possible. For many businesses this will be via a Virtual Private Network (VPN) accessed through a laptop provided by the company (ideally), an employee’s own device or a cloud-based “virtual desktop” service. There are many different factors to consider to ensure performance, security and reliability with a VPN, including whether to route all traffic back to the corporate Infrastructure or use split tunnelling.
- Stay up to date with current threats. It’s essential to have a reliable source of threat intelligence in place as the existing situation continues to evolve. This will make it easier to prevent and detect attacks that could affect your business and avoid cybersecurity breaches.
- Protecting against phishing attacks. Remote access may mean that systems that were in place to filter and protect against phishing are less effective and that employees are spending more time online and so are potentially more likely to be exposed to a phishing attack. Applying an EDR (endpoint detection and response) solution may be essential in addition to retraining staff to ensure that they are reminded of basic online safety, such as not clicking on links in emails from unknown sources.
- Put contingencies in place for incident response. Given that there is an increased security risk under the current remote working arrangements it’s important to ensure that your business has a plan in place for responding swiftly to any incidents that may arise.
- Extend standing operating procedures where necessary. You may already have had a significant proportion of your staff working from home prior to the crisis. If not then existing standing operation procedures may need to be extended to provide for working from home and remote management.
- Updates are essential. One of the most obvious vulnerabilities in a remote working situation is where systems are not being kept up to date and properly patched. No matter how effective your virus protection or expensive your systems if they are not up to date they may leave the business vulnerable.
- Provide your staff with home network security tips. Convert your employees into security assets instead of security risks by informing them when it comes to the security of a home network. For example, ensuring that all default passwords have been changed is a simple but effective way to improve cybersecurity at the current time.
- Don’t forget to focus on data and compliance. Rules relating to data handling and legal compliance still exist even under the current circumstances. It’s crucial to ensure that you’re integrating proper data handling and security into your new measures.
Given the reliance that most businesses now place on IT networks, cybersecurity measures during COVID-19 need to be robust and resilient.