The current situation and the necessary restrictions to keep congregating to a minimum have forced many organizations to quickly shift their workforce from being on site to working remotely – from home. In the past, such requests would have taken months of thorough planning that would have included technological evaluations of software, testing, progressive rollout, communication, training and so forth.

With the growing concerns tied to the pandemic, it only took a few days. Some organizations were already well positioned to make that transition with the growing use of cloud services and embracing the use of mobile devices, but others were not so prepared.

These organizations had to basically circumvent many of the Change Management best practices to make it work, because they felt that there was no other choice for them to keep business going. But, as with all things in business, when we do not or cannot take the time to plan and test, things go wrong.

With this sudden transition to remote work, there are so many things that can go wrong: not enough laptops, not enough licenses for remote access, not enough bandwidth, not enough training, not enough security.

While transitioning a business from normal in-office procedures to a completely remote workforce, cyber security should be at the top of our strategy and to-do list. While it’s never a good time to deal with a Ransomware attack or a data breach situation, now is one of the worst possible times. During times of crisis, cybersecurity threats often increase as criminals try to take advantage of organizations in transition.

Here are some common cyber threats to keep an eye out for:

  1. Increased phishing and scam emails related to Covid-19
  2. Increased use of remote access solutions
  3. More company devices in the homes of individual employees
  4. Impact to the privacy of information when working from home

What can organizations do to protect information security and privacy?

While there is no silver bullet, here are some controls to consider:

  1. Establish a Telework Program that includes an Acceptable Use Policy so employees know their responsibilities in protecting company systems and information.
  2. Enforce Multi-Factor Authentication (MFA) for *all* remote access to company resources (including emails, VPN, cloud storage, etc.).
  3. If your workforce is located in the United States, enforce geo-blocking so that systems can only be accessed from within the United States.
  4. Provide specialized Security Awareness training (e.g., how to detect phishing emails, how to securely configure teleconferencing tools, how to identify and report suspicious activities).
  5. Protect mobile devices in case they are lost or stolen with access controls like a passcode and encryption (on laptops, phones, tablets).
  6. Consider deploying Endpoint Detection and Response solutions to further secure devices such as servers, workstations, and laptops from evolving threats like Ransomware.
  7. Review remote access logs and have a process in place to quickly identify and follow up on suspicious sign-in activities.
  8. Keep all servers and devices patched and up to date.
  9. Review your backup strategy to make sure that business documents are saved where they can be backed up.
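
As an added illustration of controls 2, 3 and 7 (not part of the original article), the script below reviews a sign-in log and flags successful sign-ins without MFA, sign-ins from outside the allowed countries, and a success that follows repeated failures. The CSV layout, the sample rows and the failure threshold are constructed assumptions; map the field names to whatever your VPN or identity provider exports.

```python
import csv
import io
from collections import defaultdict

# Constructed sample sign-in log (hypothetical CSV export, not a real product's format).
SAMPLE_LOG = """timestamp,user,country,mfa,result
2020-04-01T08:02:11Z,alice,US,yes,success
2020-04-01T08:05:40Z,bob,US,no,success
2020-04-01T09:13:05Z,carol,RO,yes,success
2020-04-01T10:00:01Z,dave,US,yes,failure
2020-04-01T10:00:09Z,dave,US,yes,failure
2020-04-01T10:00:15Z,dave,US,yes,failure
2020-04-01T10:00:22Z,dave,US,yes,success
2020-04-01T11:30:00Z,erin,US,yes,failure
"""

ALLOWED_COUNTRIES = {"US"}  # assumption: workforce located in the United States
FAILURE_THRESHOLD = 3       # assumption: failures in a row before a success is suspicious


def review_signins(log_text):
    """Return a list of (timestamp, user, reason) findings to follow up on."""
    findings = []
    failures = defaultdict(int)  # consecutive failed sign-ins per user
    for row in csv.DictReader(io.StringIO(log_text)):
        ts, user = row["timestamp"], row["user"]
        if row["country"] not in ALLOWED_COUNTRIES:
            # Geo-blocking should have stopped this; flag it whatever the result.
            findings.append((ts, user, "sign-in from outside allowed countries: " + row["country"]))
        if row["result"] == "failure":
            failures[user] += 1
            continue
        # Only successful sign-ins reach this point.
        if row["mfa"] != "yes":
            findings.append((ts, user, "successful sign-in without MFA"))
        if failures[user] >= FAILURE_THRESHOLD:
            findings.append((ts, user, f"success after {failures[user]} consecutive failures"))
        failures[user] = 0  # a success resets the failure streak
    return findings


if __name__ == "__main__":
    for ts, user, reason in review_signins(SAMPLE_LOG):
        print(f"{ts}  {user:<6} {reason}")
```

Each finding is a starting point for follow-up with the user, not proof of compromise.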

We understand that this might be a lot to consider and that there are so many other priorities at the moment. However, you don’t have to do this by yourself. Our team can assist you during this challenging transition by reviewing the current controls in place to support your telework strategy, by making recommendations based on the specific threats that your organization is facing, and by helping you implement the right measures to protect your organization from cyber criminals.
