Our world has shifted dramatically over the last few weeks. Many people have moved from shock to acceptance as the novel coronavirus (COVID-19) has taken hold across the world, across our nation, in our states, in our communities, and even in our organizations.
Companies are particularly vulnerable during this time from opportunists, threat actors, and even insider threats. Even with hackers promising no more healthcare cyberattacks during this pandemic, organizations cannot be complacent to the real threats and security challenges that exist across every sector.
All this uncertainty has led to the recognition that we must rapidly shift the way business is conducted. Millions of knowledge workers are now working from home, with companies like Amazon, Google, Microsoft, and Facebook mandating their employees to work remotely. Organizations are facing unprecedented challenges and how we address them together will impact our future for the long term. So what can companies do to ensure the safety and security of their workers and ultimately their business?
With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of. Let’s take a look at five pressing concerns that should be top of mind right now for cybersecurity professionals:
#1: Enforcing Ongoing Cybersecurity Awareness: Now that millions of people are working from home, it is essential that companies heavily enforce their cybersecurity policies and practices. Employees may be more likely to click on malicious emails from phishing and other social engineering activities or install unauthorized applications, so security teams must reinforce and reeducate workers on the importance of security awareness during this critical time.
#2: Overseeing Personal and Mobile Device Security: Companies must also recognize there is an increased risk for malware on mobile and personal devices, especially with such a wide range of operating systems and platforms. Workers may also be more willing to save confidential data to their personal devices, putting company and customer data at risk. Security teams should require device registration and provide oversight of devices allowed to access company data.
_#3: Leveraging Secure Connections: _It is highly possible that many remote workers are using connections that are not secure to connect to company networks. This opens organizations up to potential breaches and gives inroads to potential attackers. Security leaders should reinforce and remind employees of the importance in using secure networks while working remotely. Using a virtual private network helps to ensure that employees are secure when they access your company data, systems, and applications.
#4: Prioritizing Data Encryption: With so many interactions over email or chat that occur each day within your organization, it can be easy to forget when working from home the importance of encrypting confidential information. Unencrypted documents sent and stored on devices are subject to potential attacks. And even when companies have encryption technology, it is no use if employees fail to use it. Security professionals should adopt and enforce encryption policies, especially as a large majority of employees are now remote.
_#5: Ensuring Strong Password Management and Authentication: _With so many applications and devices, it can be difficult for organizations to ensure employees are adhering to password policies. During a time when a majority of workers may be home, it is essential to have strong password management in place. This avoids overburdening helpdesks for password resets and enables 24×7 self-service ability. But it must be done in a way that leverages secure and flexible authentication methods with mobile reset, telephone-based keypad resets, or voice biometrics.
Mitigating risks with a remote workforce requires two essential things—action and intelligence. This means understanding where your greatest risks exist by uncovering who and what is most vulnerable in your IT environment. During the midst of an uncertain time, it is more important than ever to prevent, detect, test, and monitor risk in your business and across your workforce.
By evaluating and identifying your greatest infrastructure, device, and employee-related risks, and putting the right security risk management strategies in place, you can gain the intelligence required to take action and respond in real-time to this unfolding situation. Remember, fear is not the greatest threat that exists to your workers and business today. Being unprepared is.
If you would like additional resources and information on combating cybersecurity challenges in your business, visit www.coresecurity.com