As we move forward businesses are accepting the rapid changes they instigated during the initial response to the Coronavirus pandemic are likely to become their ‘new normal’. For the foreseeable future most businesses will see an increased level of remote working.
Below is a list of key actions to help mitigate the cyber security risks associated with remote working during the coming months.
Ensure your employees understand remote working security risks and do not create security issues through simply trying to do their job
- Monitor your environment for shadow IT. Employees who encounter remote working obstacles or problems may ignore or bypass existing IT controls, processes and good practices to get something that works such as using personal file sharing applications or emailing themselves documents to circumvent DLP controls. Pay close attention to remote working problems and issues reported by employees to the IT helpdesk and quickly address them.
- Employees are now working with new, unfamiliar tools and technologies in new ways which could result in security exposures and risks. Train employees to ensure they fully understand remote working security risks and the correct behaviours and countermeasures required. Some useful tips can be found at https://info.savanti.co.uk/thoughtleadership/staysafeathome-practical-tips-for-users
Ensure that remote working technologies that have been stood up quickly are secure and that security incident response plans reflect current circumstances
- Many organisations will have rapidly implemented new tools and applications and tools to solve COVID-19 challenges such as Google Cloud services, Microsoft Teams, Zoom and Skype, together with issuing laptops to enable employees to work remotely. Organisations should now review these implementations, checking that they are securely configured and that the correct security controls are in place.
- Review your existing security incident response plans and playbooks as they may not work effectively or efficiently due to the unavailability of key employees who normally support the incident response process and the fact that more employees are working remotely.
Monitor for new threats that may appear. Be aware that there is an increased likelihood of existing threats occurring
- Organisations must continue to monitor for any new and emerging threats such as phishing attacks exploiting COVID-19 or attempts to exploit newly implemented ways of working and ensure that employees are quickly made aware of these. Rapid and timely employee communication is essential.
- The risk of insider threat is increasing due to the potential for redundancies being made within organisations. Implement increased monitoring of those under notice of a redundancy to prevent data loss and consider restricting access to specific systems and applications. Work out how are you going to recover IT equipment such as laptops and mobile phones.
If you’re looking for pragmatic and practical advice regardless of where you are at on your cyber security journey, Savanti are ready to help.