January 4, 2023
For many organizations, the COVID-19 pandemic changed the working environment from onsite staff to a remote or hybrid workforce. Per the US Census Bureau, “the number of people primarily working from home tripled between 2019 and 2021”. Although your business has adapted to this “new normal,” cybersecurity continues to lag behind. Market and consumer data company Statista estimated the global cybercrime cost to reach $10.5tr by 2025.
Don’t assume your employees are following best practices when working remotely. Developing, reviewing, and reinforcing cybersecurity processes and procedures is a necessity. The policy should cover critical topics such as data protection, device use (including “bring your own device” usage), passwords, regulation compliance, access management, and security awareness training.
Do you enforce best password practices and have the tools to ensure compliance? Compromising passwords is still one of the easiest ways for hackers to access your systems. Furthermore, if your employees use their own devices, are the passwords shared within their households? Implementing simple steps such as requiring quarterly password changes (at minimum), strong password guidelines (avoiding common words and containing a minimum of eight characters with a combination of letters and symbols), and deploying multi-factor authentication can ensure your data is safe.
Every employee device containing your company data or connected to your network should have the latest security tools, including anti-malware, antivirus software, and firewalls to protect your company’s assets. Furthermore, deploying tools such as Mobile Device Management (MDM) is essential for managing and wiping sensitive company data from your employee’s devices in case of theft, loss, or a significant security breach.
Does your organization automatically back up data, or are you relying on your employees to manually back up their data regularly? Is the data quickly restored if lost? If you’re like most organizations, you have deployed Microsoft 365, which performs automatic backups. However, you need to be aware of limitations on data recovery capabilities since Microsoft has limited responsibility for your data. If you work in an industry with a strict compliance and regulatory environment, you may need to supplement the Microsoft 365 capabilities with a third-party solution.
Your employee’s Wi-Fi network may pose a risk if your company data is not secure or encrypted. Most people do not regularly update their home router software or periodically reboot to clear potentially malicious software from memory, refresh network connections, and keep their internet connection healthy and fast. Making sure your employee changes the Wi-Fi network name and disabling the broadcast of their wireless network name are two simple ways to increase security. As a best security practice, your employees should segregate network devices, have a primary wireless network for work computers, mobile devices, and other trusted devices, and enable a Wi-Fi guest network for smart TVs and other household PCs.
Taking a proactive approach to cybersecurity rather than reactive can prevent attacks before they occur, securing your data and, more importantly, your client’s data. If you are unsure how your company stacks up, reviewing your current environment against the Center for Internet Security (CIS) controls is an easy way to start. Regular cybersecurity employee training and reminders, regardless if your employees are onsite or working remotely, are critical to maintaining good employee habits. Dewpoint security professionals can help you get the most out of your cybersecurity programs and tools. Call us today.