Let’s Secure Our New Normal – Work From Home
After the coronavirus pandemic, it has become a new norm to follow the work from home culture in most of the countries and this trend is here to stay. However, not all the organisations and their employees were ready for this major change in their work environment.
One of the major concerns faced by organisations while enabling remote working was to ensure security of their infra and avoid the risk of cyber-attacks as it is not practically possible to implement the same level of control at home devices and networks.
It is important to protect the customer’s sensitive data by taking enough precautions at an infrastructure level and an individual level. While many organisations are planning to adapt this new concept of work from home culture permanently in the future, following are some suggestions that can be followed to prevent the risk of cybercrime.
Use corporate VPN
VPN (Virtual Private Network) facilitates secure connectivity between your computer to the corporate network. If an employee's connection to the internal corporate is happening over the open Internet, it increases the security risk. Encrypting this traffic via a corporate VPN keeps it secure from intruders.
Secure Home Networks
Employees must be made aware to secure their home network using simple steps like changing the default password on the home router to a strong and complex password, using the strong encryption / password for the Wi-Fi, Disabling SSID broadcast, enabling MAC filtering etc.
Discourage use of Public or Shared Wi-Fi
Usage of public Wi-Fi significantly increases the security risks and must be avoided until absolutely necessary. Encourage users to use their personal hotspot or home connection to perform official duties.
Usage of Personal or Public Computers
Usage of public computers must be disallowed to create, store or process any sensitive information. In unavoidable situations, employees must be trained to use it securely and follow some basic steps like ‘using the private window’, ‘never save the credentials’ and clean your browser history and delete downloaded files before leaving the system etc.
In cases, where employees are using their personal systems, they must ensure that the system is having updated anti-virus and OS fully patched to avoid creating any issue with organization infra.
Implement controls to restrict usage of Removable media
Organizations must implement controls to prevent usage of removable media in all official systems. Even if it needs to be allowed, they should follow the approach of whitelisting a particular drive and for a temporary period. Additional controls like ``Not allowing the auto play” and ‘Not opening a drive without performing a virus scan’ should be implemented.
Regular update of AV / Patches
Organizations must ensure that a mechanism is in place to auto-update Antivirus signatures on the endpoints and maintain all their devices up-to-date by installing the updates as soon as they become available. Outdated software may become a point of entry for cyber criminals.
Limit The Administrative Rights
Most cyberattacks rely on your account credentials & associated privileges. If your users are not a computer’s administrator, chances of saving your computers increases. Organizations must implement control to restrict the administrator rights on end-user devices.
Accessibility and Authorization
Use a complex password on your devices and keep changing it on a defined frequency. Avoid using easily guessable passwords, like your name, date of birth, address and don’t keep the same password for all your applications.
Implement and use Multi-factor authentication (MFA)
Cyber Criminals can either guess the common passwords or can compromise users using social engineering. So, it is very important to implement two-factor authentication for preventing account takeover / compromise, it adds an additional layer of protection in the security.
Audio / Video Conferencing tools
With the latest move of most of the workforce from office to home work environments, it is essential to follow best practices for Audio/Video conferencing security. Employees must only use company authorised software for their conferencing requirement and must follow some basic but important guidelines like:
- Before sending the invite, re-verify the list of invitees to prevent the external exposure and restrict the meetings to authenticated attendees only if possible.
- Use strong passwords for the meetings and share it with only those who need to join the meeting.
- Enable "Meeting waiting room" and notification when a person joins the meeting, wherever possible.
- Share specific windows / applications only and not your entire screen.
Web and Email security best practices
Some of the important web and email security best practices that may be followed and all employees must be trained to adhere them includes:
- Organizations must implement appropriate web and email security solutions to monitor, inspect and restrict the malicious communication.
- Use official assets judiciously, don’t browse and click on any random links in the email messages or malicious websites.
- Never download or open attachments from malicious websites or received from unknown senders.
- Use appropriate encryption while sending sensitive information through email, always share the decryption key / password through separate channel, i.e. text message.
Secure Working area & asset
Employees must need to secure the home office space through physical security options and should never leave the official laptop in the unlocked car or in the living area, which are easily accessible or near to the entry point of the house, as it can be stolen from there.
Keep childrens and other family members away
Official laptops and data stored in it are also exposed to the home environment. Employees should keep their systems safe from childrens and other family members to avoid information leakage and hardware faults to prevent production downtime.
Employee Awareness on Information Security
Employees, which are considered as the weakest link in the security chain, if trained well & equipped with proper awareness about threats & cyber security practices, can be the first line of defense for an organization. Employees must be trained to identify the threats, follow the guidelines and notifying any anomaly to the information security team at the earliest. Promptness in reporting to the information security team may help in limiting the damage in case of a breached system.
Hire a Cyber Security Partner
In the current scenario, when most of the organization is working remotely, it has really become difficult to control cybercrimes. You need a trusted Cybersecurity Partner to manage the security of your infrastructure. So, you can try to find the best VCISO in India and start improving the security of your systems.
The team of Cybersec Knights is also one of the security training in delhi ncr, offering the best cybersecurity & privacy related services to the clients. We ensure that all our customers can work in a secure environment and expand their business. If you don’t have an in-house team for cybersecurity in your organisation, then contact us today!