A Checklist to Help You Fortify Defenses
With more and more businesses shifting quickly to a remote workforce due to the COVID-19 (coronavirus) public health crisis, an increasing cyber-threat is looming over those that have not fully secured their digital work-spaces. Cybercriminals are ready to take advantage of the pandemic, hoping that the gullible or distracted will give them the opportunities they need to carry out scams. The door to passwords and data can be opened with just one careless click or download, leaving remote employees and businesses vulnerable to ransomware and malware attacks.
As we adapt to this unprecedented situation, the Meriplex cybersecurity team recommends that businesses revisit protocols for remote employees or establish new ones without delay. We’ve put together a cybersecurity checklist to help you get started.
In a social engineering attack, cybercriminals manipulate employees into giving up passwords, banking information or other sensitive data. They can also gain access into computers to obtain this information directly. From there, they can send links or downloads to social contacts, baiting them into clicking and spreading the attack.
To protect against a social engineering attack, your remote employees should:
- Stay up to date with your company’s online cybersecurity awareness and training
- Install an anti-spam / phishing solution
- Double check email headers and click only on recognized emails from the outside
It’s now more critical than ever that all team members have strong passwords on every device, including home networks. Without strong passwords, cybercriminals can get into an employee’s Wi-Fi and data or even into your company’s network, potentially launching a harmful or even catastrophic attack.
To strengthen password vigilance, ask that your remote employees:
- Start using passphrases
- Never share passwords
- Never use a public computer
- Deploy MFA (multi-factor authentication)
Endpoints and Bring Your Own Devices.
Personal devices often don’t have the layers of protection that surround company devices. This can leave both a remote employee and your entire business vulnerable.
To guard against cyber-crime related to personal devices, make sure every remote employee has:
- Anti-malware + firewall
- Cloud internet security
- Zero trust architecture with SSLVPN
When remote employees use personal Wi-Fi, it opens businesses up to a host of cybersecurity threats. If those employees are also sharing an internet connection with their kids or using IoT devices that don’t have the same level of protection afforded by a company network, the risks only grow.
To set up your best defense against an internet attack:
- Protect your company data in transit with cloud internet security
- Provide online cybersecurity awareness and training
- Ask remote employees to use a VPN connection
- Protect devices with HIPS + firewall
Ignoring critical software updates can leave employee devices and your entire business vulnerable to ransomware and malware attacks.
To ensure that your software is working for you rather than against you:
- Check that your operating system is running on the latest version
- Don’t let your employees ignore any software updates
- For the most critical updates, utilize automated updates
Internal Resource Access.
As your remote workforce grows, employees will be accessing your internal resources from outside your company network with greater frequency. Without the right solutions in place, those resources – and your business – can be put at tremendous risk.
To secure your internal resources, including your data:
- Update all VPN software and firmware
- Deploy SSLVPN instead of IPsec
Stringent cybersecurity protections for your remote workforce are no longer just an option. They’re a necessity. If you aren’t able to check off these security measures as “done,” please reach out to Meriplex today. We’re here to help give your business the resilience it needs to weather the challenging days ahead.
About The Author
Andres Ruz, Director of Information Security
Add bio of the author here if needed.