9 Critical InfoSec Tips Every Organisation Should Know
In the last few weeks, thanks to COVID-19 and the measures taken by leaders and governments across the world, thousands of organisations have been compelled, where possible, to ask staff to work from home/remotely. In our previous blog entitled “10 Security Tips – How to work from home without compromising security” we looked at the top 10 items to consider when working from home. In this blog, we look at the aspects to consider from an organisation’s perspective.
Whilst remote working allows organisations to continue near to, or equal to, ‘normal’ levels of operation, it does bring challenges with regard to maintaining good levels of cyber/information security. Security risks are likely to have been factored in when considering remote working as a strategy during a crisis. However, the volumes of employees impacted, and length of time involved, are anticipated to change that risk and increase the likelihood of an incident occurring.
It is also worth considering that following this crisis, there may be encouragement of, and therefore an increase in, working from home. As a result, security risks will need to be re-evaluated and mitigation measures considered.
Highlighted below are aspects of remote working that organisations should be considering, if not already established. This is over and above typical information security best practice training and awareness that should already be in place.
9 Critical InfoSec Tips:
• Set up two-factor authentication or another form of encryption. An additional layer of protection is invaluable.
• Make a virtual private network (VPN) available. Ensuring there is a secure connection to the organisation’s work environment is key, as it will hide the user’s IP address, conceal their location and encrypt any data during the transfer. (A common problem with this is that a license, or number of licenses, are usually required and having a sudden increase in the number of employees trying to connect through the company VPN may exceed previous predictions and available licences).
• Ensure any security software, privacy tools or add-ons for browsers are up to date and that patches are pushed to remote workers.
• Avoid unsecured Wi-Fi networks. If staff are working from somewhere other than their own home, they need to ensure they have a means of connecting to a safe and secure network and not an unsecure public Wi-Fi network which carries a much higher risk or malicious activity.
• Remind staff to back up their data. Files should be backed up regularly and, if not automated, staff should be reminded to do this themselves. In the long term, consider a Cloud solution, such as OneDrive.
• Access rights to files, data or systems should be restricted where applicable and available on a ‘needs must’ only basis. Access may need to be revisited to facilitate effective working from home, particularly where staff are performing different roles/covering for others.
• The helpdesk may not be available as usual to provide support with problems or issues – you will need to consider how ‘help’ can be provided.
• Incident reporting – Clear advice and guidance must be available in terms of what to do in the event of a near miss or incident. Is this the usual process or, given the circumstances, is it different?
• A crisis is an opportunity to a hacker and coronavirus is no different. In fact, given the volume of remote workers it may be more attractive. Regularly remind staff to be wary and vigilant of potential phishing attacks.
Do you know how to recognise a Phishing attack? URM provides you with a free guide!
If you need help with any of the points above or with training your remote teams quickly, URM can provide you with:
As a gesture of support and goodwill to all those battling to keep us safe, URM will donate 25% of any end-user awareness training or simulated phishing attacks commissioned during these challenging times, to support those on the front line.