How to improve Cybersecurity with remote working going on.

Make sure your IT and Security systems are supporters of remote work and not an impeder

As most of us have moved to “hybrid work – part at home/part at office” – here are a few tips to stay safe:

  1. Review business key applications and processes – need to ensure you can work from home OR anywhere due to “life happens”
    • Think through the process of cloud-based applications
      • Will our internet support us running the company “from the cloud”?
      • Do we go with VPN?
        1. Maybe start here and then move to
        2. total cloud-based applications
      • Are all applications in the cloud?
      • Where are we storing our files?
      • How do we keep the data safe?
    • What needs to change?
      • Is the Access Safe/Secure
      • Access to programs
      • Access to files
      • Access to client/employee/vendors contact information
  2. All applications are cloud based
    • What is the cost to convert?
    • Do we have critical applications that cannot be moved to cloud?
      • What are other options?
      • Is the application vendor working on offering a cloud-based option?
      • Is there a reliable/safe work around?
      • Will we have any issues with working with other countries (if this applies)
    • What training is needed to accomplish this?
  3. Use Cloud bases or cloud centric security solutions for every cybersecurity control
    • This means – network; web; email; endpoint; identity management; authentication; access management; SIEM(security information and event management) and SOAR (automation of different processes) – all need to be fully functioning REGARDLESS of where you are at
    • As your inhouse IT Security procedures become obsolete — you NEED to develop your Cloud/Virtual Network Security procedures
  4. Issue corporate laptops/mobile devices AND use mobile device management (MDM) for BYOD
    • Bite the bullet – purchase the devices for the employees
    • Only way to ensure security protocol is being used – you set them up to succeed
      • IF you allow BYOD, you can run into privacy issues
      • With the new company devices
        1. Ensure they have access to help desk
        2. Hardware support
        3. Ensure updates can be accomplished without having direct connection to company network
        4. Use MDM as needed for mobile devices
  5. You decided to go with BYOD — Now what
    • Ensure they have UpToDate (paid for) virus/malware installed
    • Ensure they have updated operating system
    • Ensure updates can be accomplished without having direct connection to company network
    • Encourage them to not allow family to use the computer to play games/watch videos, etc. (these are virus/hacking magnets)
  6. Use Multi-factor authentication
    • No excuses – we all use it for our personal credit cards and banking; no reason not to implement at work
    • This can be as simple as a text being sent to your phone or code emailed to you.
  7. Integrate cloud security control activity, threat intelligence and security telemetry into centralized threat detection & response syst (SIEM/SOAR) that is also cloud based
    • Just because you are Virtual office/have Cloud Based Programs – you must stay vigilant with security protocols
    • Your company’s cyber security is YOUR responsibility – you cannot delegate this
  8. Help employee’s property secure their home networks
    • Your employees home network is NOW part of your business – so you need to ensure it is secure
    • Insist they do not use default passwords – this means – Make sure they change them and there is a schedule to change them, same as you do at the “company office”
      • Make sure the passwords are not on sticker on the monitor
    • They may need to tether to mobile devices for backup access/access depending on the availability to internet
  9. Will be a need to increase, personalize and leverage the automation of your security awareness training program
    • Keep your team members connected so it is “easy” to ask questions regarding security issues
    • Remember, their office mates are probably young or may even be fur baby and not humans – not much help.
  10. Have a clear process for employees, and customers/partners if relevant to report protentional security issues as they become aware of
    • Your team is your last line of defense – enable them to be effective security police
    • Train them to look for early warning signs
    • AND, how to respond if they become aware of an issue (have a written response plan)
  11. Use the daylight out of cloud-based collaboration built in security tools all the time
    • If this is not provided to your team members – they will use what ever is easy/free to me
    • Ensure they have access to company Zoom/Teams, etc.
      • Have the security protocol set up so they do not have to add this to their “remember to do”
  12. Do not forget your IT and security teams.
    • They need to be able to work in the traditional corporate office as well as remote/virtual world
    • They need training to be able to work in the new work environment as well as the traditional work environment
    • They must be able to work effectively remotely like everyone else in the organization
    • They need policy and procedures on how to work in this new environment
  13. Regularly test working from home when not during an emergency (plan this, do not surprise your team members)
    • Select a week out of each year and everyone works from home
    • How did it go?
    • What needs to be improved?
    • What failed?
  14. For future reference –make sure you conduct a comprehensive retrospective
    • Review what worked during the emergency?
    • What did not?
    • How can you improve the process?