Is your company prepared for a cyberattack? If you think the answer is yes, stop for a moment and consider all that’s happened in the past few months. Even if you were ready before the COVID-19 pandemic, you may not be now. For one thing, if you have employees who work from home (WFH), you’re vulnerable to additional threats. Each WFH worker provides a new entry point for hackers to gain access to your company’s valuable data and proprietary information.
Additionally, you may have new technologies, such as Internet of Things (IoT) devices, which layer even more entry points onto those you currently have. These devices are notoriously insecure, so you must take extra precautions to ensure your company’s safety. Things like custom software and cloud application development from a company like BairesDev can help – but may not be enough.
Because of these and other developments, now is a great time to dust off your three-ring cybersecurity preparedness binder (or the electronic equivalent) and rethink your policies. Yes, it takes time and energy but think of it as insurance against the much greater expenditures — in time, money, and effort — you would have to make in the event of a major cybersecurity breach.
Assign a Security Team
To get started with your cybersecurity overhaul, assign a group that will manage it. This group should be prepared to:
- Evaluate the current cybersecurity preparedness within the company.
- Review current plans and update them as needed.
- Prepare and deliver cybersecurity training for all employees.
- Create and deploy measures for WFH employees.
- Be the front-line response team if an attack occurs.
Your IT crew is a great place to start to find individuals to serve on this team. But consider workers from other areas as well, such as HR. Employees who are seen as leaders (regardless of their job titles) are great choices because others will be willing to follow their instructions. The team head should report directly to the CEO.
One of the first things the cybersecurity team should do is establish an alternative communications plan in the event of disruptions in normal channels (such as the company’s email system or project management software). Remember to include employees, customers, vendors, and other stakeholders in that plan.
Revise Security Policies
Each company is unique in terms of which security policies are needed and which are practical. The key is to identify weak spots and find ways to strengthen them. Here are a few ideas to consider:
- Implement MFA. By now, any company that only uses passwords to enable employees to log into their accounts is setting itself up for a cyber-disaster. Multi-factor authentication (MFA) requires an additional method (such as a code sent via text) alongside the password to verify identity.
- Software updates. This is Cybersecurity 101. All software applications should be updated regularly, including regular patches. If applications aren’t updated automatically, the IT department should have a schedule for when updates will occur. If there is cost involved, prioritize applications that handle the most sensitive data.
- Validate DDoS protection. Distributed denial of service (DDoS) attacks are those that use botnets to carry out large-scale strikes. Microsoft states, “Your DDoS protection should be always on, automated for network layer mitigation, and capable of near real-time alerting and telemetry.”
- Create strong backup processes. Backups are a must because, no matter how many measures you take, breaches do happen, and you want to make sure you have continued access to your data in that event. A combination of onsite and offsite backups is ideal.
- Shore up physical security. Make sure employees use IDs at all building entry points. Have security cameras monitor entry points and critical workstations 24/7. Encourage workers to report anything suspicious.
Implement WFH Measures
You may think enacting cybersecurity policies with WFH employees is difficult because they’re not onsite. But there are many steps you can take that will go a long way toward protecting your company’s valuable data:
- Ensure Wi-Fi is secure. Be sure employees’ equipment is up to date and that passwords are strong. Discourage people from working in a public location with iffy Wi-Fi service.
- Maintain physical device security. Employees might want to work in a coworking space, which may be fine as long as the Wi-Fi is secure. In these situations, though, employees must be extra vigilant about securing devices if they must step away.
- Use VPNs. Virtual private networks (VPNs) enable workers to safely transmit data as though they were connected to the company’s private network. Equip WFH employees with this technology and make sure it’s up to date.
- Use encrypted messaging. Business Insider states, “Companies should encourage workers to use encrypted, enterprise-focused services like Wickr as much as possible.” Note that consumer-facing encrypted messaging apps like WhatsApp may be less secure.
- Keep personal and work machines separate. Just as employees have separate personal and work machines when they work at an office, they should do the same at home.
- Install anti-virus software. Employees’ work computers should have reliable and up-to-date anti-virus software installed.
Hold Security Trainings
Having a security plan isn’t enough. Making sure your IT team is trained isn’t enough. You must train all employees, no matter their position within the company, and let them know that this exercise is not a once-and-done activity. Strong cybersecurity should become part of your company culture and every team member must be vigilant at all times. You can even hold drills so workers get practice in responding quickly should a breach occur.
Serve as an Example
Cybersecurity is a vital matter, and employees need to see examples of others taking it seriously. If you’re a company leader, adopt a “do as I do” mentality and model proper security hygiene for your employees. Additionally, show your commitment to this matter by keeping on top of it and staying in close contact with the security team. These actions, combined with the measures above, will keep your company secure through the pandemic and beyond.