7 IT Security Best Practices for Organizations in the New Normal
By Sunil Sharma
When the COVID-19 pandemic hit India, organizations across the country had to think quickly about how to ensure business continuity and keep employees safe. The solution: Work From Home. Previously, this was more the exception than the norm, but companies were quick to adapt and many had to do so almost overnight. Today, remote working has become widely accepted as a business best practice whatever the circumstances. In fact, some of the biggest names in business today, such as Google, Facebook Inc., and Twitter have announced that they are open to the concept of allowing employees to work from home permanently. This has led other organizations to consider its feasibility.
One important factor that has stood out during the pandemic is the heightened vulnerability of widely dispersed computing devices, networks and systems, coupled with an increase in the number of cyberattacks targeting them. In addition to fighting the COVID-19 pandemic, businesses found themselves scrambling to secure the critical data on their networks as hackers around the world looked for loopholes to exploit a decentralized workforce. With homes looking set to remain offices for some time to come, IT managers have to get to grips with new security priorities.
Here are 7 tips to help you and your dispersed organization stay secure:
- Ensure devices and systems are fully protected
Go back to basics – ensure all devices, operating systems and software applications are up to date with the latest patches and versions. All too often malware breaches an organization’s defences via a rogue unpatched or unprotected device.
- Encrypt devices wherever possible
When people are out of the office there is often a greater risk of lost or stolen devices; for example, phones left in cafes, laptops stolen from cars. Most devices include native encryption tools such as BitLocker – be sure to use them. You also need to be able to lock or wipe devices should they be lost. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.
- Enable web filtering
Applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’ while protecting them from malicious websites.
- Create a secure connection back to the office
Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Plus, it makes it easier for employees to do their jobs.
- Make sure people have a way to report security issues
With home working, people can’t walk over to the IT team if they have an issue. Give people a quick and easy way to report security issues, such as an easy-to-remember email address.
- Manage use of removable storage and other peripherals
While working from home, there is a heightened chance of employees using portable, and often insecure, storage devices on their official systems. Given that 14% of cyberthreats get in via USB/external drives*, it is recommended to enable device control within your endpoint protection to mitigate and manage such risks.
- Scan and secure email and establish healthy practice
Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. The crooks are wise to this and are already using the coronavirus in phishing emails as a way to entice users to click on malicious links. Ensure your email protection is up to date and raise awareness of phishing.
(The author is Managing Director, Sales, India & SAARC, Sophos, and the views expressed in this article are his own.)