Since the COVID-19 outbreak, many organizations have been forced to implement the work-from-home (WFH) system across their operations. The bad news is remote work means putting your IT security in less secure environments, leaving your company vulnerable to unauthorized data access.
Regardless of the size or industry, fileserver cloud or no, all businesses need to reconsider the policies and structure of their company within the new WFH arrangement.
Here are some questions to ask to determine your current level of security:
Are Your BYOD Policies Updated?
You may have had a Bring Your Own Device (BYOD) policy before the pandemic started. Still, with the majority of your company working remotely, you might have to revisit these provisions. Given the sheer number of employees migrating to WFH, the risk of exposure has become significantly higher. Account for the fact that those who have never worked from home before may not be aware that there are safety precautions in the first place.
Whole families are locked in their homes right now. It’s safe to assume that people use their work laptops to access non-work-related sites, like a cooking class, an online gym, or even their children’s virtual class. Establish explicitly that work laptops are to be used for work exclusively. In case something has been compromised, you have to have access to the device.
Now that practically every employee in your workforce has taken their machine home, updating your BYOD policies allows you to address all possible scenarios.
Are Your Corporate Policies Updated?
Now is the time to be extra vigilant. With the slew of new business practices, it’s harder to detect spear-phishing attacks. People also tend to be laxer in their less-formal WFH environment, which makes it easier for hackers to ask for specific data in emails, like wire transfers or gift card codes.
In the office, by contrast, employees can take a short walk to someone’s desk for verification before disclosing any information. Getting validation from home via email takes more time and effort, so the employee is likely to complete the request just to get it over with, especially if the requests are routine anyway. And just like that, data has been compromised.
Update your corporate politics to include authorization before fulfilling these types of requests. Set new turnaround time expectations if you have to and explain to your stakeholders why you’re implementing new security protocols.
Identify other potential gaps in your corporate policies that you need to fill to strengthen your data security.
Are You Using Multi-Factor Authentication (MFA)?
Part of updating your corporate policies is examining your password policies. Consider implementing multi-factor authentication (MFA) if it’s not integrated into your password systems already. MFA is the easiest and most cost-effective security solution for an organization. Though it’s not fool-proof, it’s an effective deterrent for perpetrators and can arrest suspicious activities before it’s too late.
Regularly updating your password practices should be standard practice, but now is the time to tighten the requirements and to do more frequent updates.
The sooner organizations accept that cyberattack risks are rising, the sooner they can work on tightening their routine security protocols. Examine your system to identify any holes, and you can start by answering these three critical questions.