The following article first appeared on the website of The Network Support Company, a Connecticut-based IT solutions firm.
Companies of all sizes are under attack.
When organizations around the world quickly sent millions of workers to work from home in response to the coronavirus outbreak, cybercriminals responded by implementing scams that capitalize upon the new vulnerabilities introduced by remote workforces, overtaxed IT staff, and the general feeling of panic and discomfort.
Threat actors are launching specially crafted phishing and malware attacks, taking advantage of the fact that users tend to be less vigilant in their homes and using the pandemic itself to lure in unsuspecting targets with fake coronavirus websites and updates.
Many businesses face reduced revenues and cash shortages, so now is the worst time to fall victim to these attempts and give the bad guys your valuable data.
With the average data ransom at $780,00 and an average associated downtime of 16.2 days, avoiding such an event can be the difference between your business surviving this crisis or not.
A strong cybersecurity defense posture is essential for your business to survive the new norm of social distancing and remote work that is in place for the foreseeable future. Yet today’s economic environment requires that we do so in a cost-efficient manner.
The following are five finance-friendly best practices to keep your remote workforce secure:
- Provide your remote workers with corporate-owned devices that are actively managed, ensuring the devices are covered by your corporate policies. This includes everything from acceptable use policy to the technical controls your company has put in place to defend against cyber threats.
- Use Virtual Private Network (VPN) software to connect back to your corporate systems. This keeps your data private and secure, even from other devices on the home network. It is important to configure the VPN for secure remote access, that is, in a way that protects corporate traffic and ensures cyberthreats from users’ home networks cannot infiltrate the full corporate network.
- Require multifactor authentication (MFA, also known as 2FA) so your remote workforce authenticates using at least two items from three possible categories: something they know (e.g., their username and password), something they have (e.g., their phone), or something they are (e.g., a fingerprint scan). Multifactor authentication prevents cybercriminals from logging in with stolen credentials alone and protects against employees who reuse credentials.
- Set password policies that define how complex a password must be as well as how frequently the password must change. When allowing remote connectivity, complex passwords that change frequently protect you from cybercriminals using the billions of stolen passwords already for sale on the dark web.
- Implement security awareness training to equip users to identify and protect against one of the most common cyberattacks: scams that get them to give up their login credentials. The most common of these are phishing emails that take them to landing pages where their logins can be captured, or that ask them to open a file such as a weaponized Office document.
In these unsettling times, the last thing you want to worry about is the security of your valuable data. Implementing these best practices will give you the peace of mind you need to focus on the other aspects of your business that need your attention.
The Network Support Company is an IT solutions firm with offices in Danbury and Orlando, Florida.