One fallout of the COVID-19 pandemic is the surge in internet usage and cyber-transactions. Internet usage has surged anywhere between 40% to 100% across the world, during the previous eighteen months. Many businesses have shifted a big part of their operations to their employee’s homes. A mix of smart strategies and precautions can keep you and your business safe during these turbulent times. This technology blog offers some handy tips.
1. Secure the Corporate Network
If the cyber spring comes, can cybercriminals be far behind?
Roving cybercriminals target individuals and enterprises. They prey on the hastily assembled remote work systems, and target work-from-home employees. Securing remote access has become more important than ever before.
- Migrate systems to the cloud to enable anytime, anywhere access. Offer remote workers with remote access solutions.
- Establish Virtual Private Networks (VPN) with dedicated tunnels for remote workers. VPN offers secure access from outside the firewall but slows down the connection. Provision for adequate bandwidth capacity. Establish a secure tunnel to route corporate traffic, to work around the bottleneck.
- Set up virtual firewalls. Many remote employees need constant access to critical information behind the firewall. Such remote workers, working outside the corporate firewall, pose a risk to customer data and trade secrets. As a solution, download a virtual machine and set up a virtual firewall, to secure access to the data center.
- Scale online applications securely. For enterprises such as retail that engage with customers directly, the pandemic has caused big spikes in traffic. Rapidly scaling up application capacity creates huge security and accessibility implications.
- Revisit remote work environments set up in a hurry. Tie up loose ends, and add extra layers of security. Many enterprises, in their rush, to migrate to work-from-home, left endpoints open, and neglected patch updates.
- Do not forget the basics of network security. Implement multi-Factor Authentication (MFA) as an additional layer of security. Deploy a good network monitoring tool. Review the security of cloud-based solutions regularly. Conduct security testing of VPN and remote access gateways to keep the configuration secure.
- Conduct thorough security audits from time-to-time. Update anti-virus solutions and other software installed in customer systems.
2. Get Collaboration Right
More people are collaborating online than ever before. Microsoft Teams has seen a surge of 7x in many geographies, compared to pre-pandemic levels. Most enterprise data is now created on laptops and mobile devices outside the office. Online collaboration tools also generate copious amounts of data. The surge in online collaboration, however, raises several challenges by itself.
- Review the tools of the trade. Revisit file sharing and collaboration tools set up in a hurry, or on ad-hoc measure. Migrate to business-level solutions, which are more secure and offer advanced collaboration options.
- Raise awareness on phishing emails. Cybercriminals attack in innovative ways. They may pose as a member of the enterprise IT team and try to help them with their account. They may step into an existing conversation and impersonate actual users. These messages fall in context and do not raise red flags.
- Back-up data. The Enterprise IT team should be able to log in, restore, and back up data from anywhere. With the rise of online collaboration, many teams store data in OneBox or similar solutions and share the link. Such a move enforces a single version of the document. But a careless user may accidentally delete important data. Use a cloud-to-cloud backup to enable separate redundant copies.
- Create multiple, redundant backups of all critical and sensitive data. Keep a copy of such data stored off the network to cope with a ransomware infection or other threats.
- Have a policy for strong passwords. Implement two-factor authentication to ensure the identity of the user. Encrypt data that involves account credentials.
- Automate incident response. Automated solutions identify threats faster and ensure automated remediation. Automated security protocols such as IP verification of incoming emails improve security in a big way. It is impossible to identify and mitigate modern threats using manual methods.
3. Take Leadership of the new Work Order
The pandemic has pushed work away from the office. Gig work has become commonplace. Remote work raises fresh challenges related to work allocation, overload, and presenteeism. When freelancers work with many clients, there is also the question of data confidentiality.
- Have strong non-disclosure and other safe working agreements in place. This is especially important for part-time and contract workers for whom standard company policy may not apply.
- Clarify expectations. For instance, make clear if the remote worker is on flextime or has to work at fixed times.
- Support the workforce to cope with change. Offer corporate laptops if possible. Many employees struggle with their homework environments. They may have to share their workspace with children and spouses, who may share their work computers. They become vulnerable to phishing attacks, click baits, and other attacks.
- Train the workforce. Never assume the workforce knows the basics. Many employees, even senior ones, have never done remote work before. Offer simple step-by-step guidelines on the basics. Teach them how to log in securely, how to use remote access software, and so on. Educate them to not give personal information to unknown sources. The disruption and loss caused by a cyber breach will far exceed the time-out for training.
- Develop a remote working policy. Detail the nature of remote work. White-list the systems and software for staff to use. Blacklist the especially dangerous stuff, such as routers known to carry vulnerabilities. Make sure enterprise IT offers support to update software and troubleshoot.
- Manage resistance to change: Habits have changed. Many things, done in-person not too long ago, are now done online. But, there is resistance to technology in many quarters. Understand the resistance and manage change, both among employees and customers. Make online simple and easy. Invest in making UX simple. Convince the stakeholders of the benefits of taking the efforts to go online.
4. Encourage Safe Online Habits
The COVID-19 landscape has increased the threat and vulnerability of all Internet users. Employees are no longer immune from the malicious environment of the world wide web.
Hackers especially exploit the widespread discussion on COVID-19 on the Internet. Researchers from Check Point identify coronavirus-themed domains as over fifty times more malicious compared to other domains. As a case in point, a website purporting to be a live map for COVID-19 global cases run by Johns Hopkins is malicious. Messages seemingly from governments seeking to verify personal information sumps most ordinary users. These messages need to even come through the corporate email. Domain spoofing attacks are also on the rise. With people hungry for information, even the most astute worker can fall for the subterfuge of cyber-criminals.
- Educate the workforce on the basics of email security. Make sure they do not open unsolicited emails, download attachments, or click on suspicious links. Encourage safe habits, such as hovering over the link to see the source of emails. Speed may no longer be a virtue in the COVID-19 age. Slowing down to be cautious pays rich dividends.
- Implement ad-blocking, script-blocking, and coin-blocking browser extensions. These steps protect against malicious scripts.
- Buy a cyber-insurance policy to ward off unknown and unexpected threats.
A public health scare such as COVID-19 can affect the health of any business. As the adage goes, “when the going gets tough, the tough gets going.” Enterprises that take on the multiple challenges posed by COVID-19 become resilient. They become well-positioned to enjoy the good times on the other side of the COVID-19 horizon.
Related Blogs:
Five Steps to Prepare IT for a Future Pandemic or Outbreak