Companies of all sizes are under attack. When organizations around the world quickly sent millions of workers to work from home in response to the coronavirus outbreak, cybercriminals responded with scams that capitalize on the new vulnerabilities introduced by remote workforces, overtaxed IT staff, and the general feeling of panic and discomfort. Threat actors are launching specially crafted phishing attacks and malware, taking advantage of the fact that users tend to be less vigilant in their homes and using the pandemic itself to lure in unsuspecting targets with fake coronavirus websites and updates.
Many businesses face reduced revenues and cash shortages, so now is the worst time to fall victim to these attempts and give the “bad guys” your valuable data. With the average data ransom at $780,00 and an average associated downtime of 16.2 days, avoiding such an event can be the difference between your business surviving this crisis or not.
A strong cybersecurity defense posture is essential for your business to survive the “new norm” of social distancing and remote work that is in place for the foreseeable future. Yet today’s economic environment requires that we achieve it in a cost-efficient manner. The following are 5 finance-friendly best practices to keep your remote workforce secure:
- Provide your remote workers with corporate-owned devices that are actively managed, ensuring the devices are covered by your corporate policies. This includes everything from acceptable use policy to the technical controls your company has put in place to defend against cyber threats.
- Use VPN (Virtual Private Network) software to connect back to your corporate systems. This keeps your data private and secure, even from other devices on the home network. It is important to ensure the VPN is configured for secure remote access, meaning that it protects corporate traffic and that cyber threats from users’ home networks cannot infiltrate the full corporate network.
- Require multifactor authentication (also known as 2FA or MFA) so your remote workforce authenticates using at least two items from three possible categories – something they know (e.g., their username and password) and something they have (e.g., their phone) or something they are (e.g., fingerprint scan). Multifactor authentication prevents cybercriminals from logging in with stolen credentials alone and protects against employees who reuse credentials.
- Set password policies that define how complex a password must be as well as how frequently the password must change. When allowing remote connectivity, complex passwords that change frequently protect you from cybercriminals using the billions of stolen passwords already for sale on the dark web.
- Implement security awareness training to equip users to identify and protect against one of the most common cyberattacks – scams that get them to give up their login credentials. The most common of these are phishing e-mails that take them to landing pages where their logins can be captured, or that ask them to open a file such as a weaponized Office document.
In these unsettling times, the last thing you want to worry about is the security of your valuable data. Implementing the best practices above will give you the peace of mind you need to focus on the other aspects of your business that need your attention.
Not sure which initiatives are right for your business? Or how to implement them cost-efficiently? A good managed services and cybersecurity provider can help, whether you choose to completely outsource your IT or utilize them to enhance the bandwidth of your current IT team.