- October 15, 2020
- Catagory cybersecurity
The shift to remote work means cybersecurity awareness across your organization is more important than ever for maintaining ongoing business operations and regulatory compliance.
Even before the pandemic, most organizations had become rather porous in nature from a network security perspective thanks to the Bring Your Own Device (BYOD) movement, adoption of cloud computing, distributed locations, and an already increasingly mobile workforce. But while security technology has emerged to keep up with these trends, it’s not a silver bullet. Every employee needs a heighten level of cybersecurity awareness.
Remote work means that how an employee manages their device at their home office can have an impact on the organization’s entire network. Their cybersecurity awareness means understanding their workstation is an endpoint that must be configured properly as to contribute to the overall security posture of the organization.
Training is critical to maximize cybersecurity awareness amongst your employees, especially remote workers. But it’s easy to lose their attention if training isn’t clear and engaging. If you’re doing regular phishing tests for your employees, try to have a sense of humour with the email content you’re creating as part of the test, for example, but also make sure employees understand the lesson without being made to feel stupid.
Cybersecurity awareness training should be done regularly as part of regular operations, and at least quarterly, rather than being big annual event, because threats to the organization are ongoing as hackers automate their processes to optimize their chance of success. You should also involve the executive team in your training, so everyone understands that cybersecurity awareness is critical to the success of the business. You might have the CEO do a short video, which is easy to share with remote workers.
The training shouldn’t be solely the responsibility of the security team, either. Lines of business leaders should help to spearhead cybersecurity awareness, and it should be a part of your remote work strategy.
It’s important to remember that cybersecurity awareness isn’t only about protecting against threat actors, malware and ransomware, and malicious data theft. Employees need to understand that good security also helps the organization stay compliant with government privacy legislation and meet regulatory obligations that apply to their industry. Data breaches not only have the potential to cripple business operations and negatively affect customers, but also lead to financial and legal penalties that can profoundly affect the long-term health of the organization.
Most people have adapted to remote work for the past seven months, but because organizations are more distributed than ever, there’s a potential for cybersecurity awareness efforts to lapse, even as be bad people around the world continue to take advantage of the new work-from-home reality. Those doing remote work as part of a connected organization must continue to be vigilant about security as part of their daily work habits.
Sanjeev Spolia is CEO of Supra ITS.
- September 29, 2020
- Catagory Security
Many people have hit the six-month mark of remote working, while most of us are fully adapted, there also continues to be bad people around the world taking advantage of the new work-from-home reality.
For remote workers, it means to continuing to be vigilant about security as part of their daily work habits, while organizations as a whole must do their part to protect their themselves by employing cybersecurity best practices to thwart persistent threat actors.
If you’ve also experienced a security-related issue, don’t take it personally. You’re not alone. Even the World Health Organization (WHO) released a special statement warning against scammers purporting to be “official” communications. Having helped our customers for several months to facilitate remote work, we have seen an increase in security issues targeting end-users and organizations since the transition.
As always, we’re available for our customers and are support team is ready to assist with specific issues or helping with proactive configurations to help you shore up your security and optimize the remote work experience for employees.
Personal device use precautions
Ideally, remote workers should be using a company-issued workstation, but if that isn’t possible, be sure they’re taking the following steps to secure their laptop or workstation:
Ensure the PC is patched: Work through the Windows update process and install anu patches, especially if it’s been more than a month since the last update was done.
Install an anti-virus solution: Supra’s service desk can assist you in identifying and installing a software package that will meet your needs.
Lock the PC when not in use: Ideally, the workstation should be turned off when not in use, but at least lock the screen and disconnect from any VPN sessions to the corporate when not working. If the PC is shared with family members, configure a private user account protected by a username and password so that any work sensitive materials will not be shared amongst the family.
If you must use a home computer, try to separate personal use from business use and limit access to personal emails, downloading content, social media and other avenues of malware that could spread while using a personal device work purposes.
Good advice regardless of device
Whenever possible, you should use the workstation supplied to you by your office if you have one because they are typically configured with usernames and passwords, as well business-class security protection tools such as anti-virus software. Supra customers will have installed agents to assist with technical support and security monitoring.
Remote access sessions, whether it’s through a VPN or a remote desktop tool, should only be active while you are using them. If you’re stepping away from your workspace for a bit or finished remote work for the day, disconnect those tools.
As always, be wary of unsolicited emails or attachments from anyone, even if it’s from a work colleague, business associate, customer, vendor or external contact. Verify the authenticity of the communication prior to clicking on any link or opening any attachment, as email remains a popular method compromising systems.
And now for good news
Even though we’ve seen an increase cyber threats, Supra hasn’t seen any targeted attack against our customers, or our company in general. Most attacks that do happen are opportunistic and take advantage of a trusting user accessing a site or clicking on an attachment that looks legitimate, which means following best practices can go a long way to ensuring security for your organization as remote work continues to be the norm.
If you would like to explore other ways Supra can increase overall corporate security or improve collaboration amongst remote workers, get in touch and we can speak to you about the various options available.
Justin Folkerts is Supra ITS’ Chief Technology Officer