{"id":423,"date":"2020-05-19T11:33:37","date_gmt":"2020-05-19T06:03:37","guid":{"rendered":"https:\/\/tech9labs.com\/blog\/?p=423"},"modified":"2020-05-19T11:33:40","modified_gmt":"2020-05-19T06:03:40","slug":"managing-the-cyber-risks-of-work-from-home-wfh","status":"publish","type":"post","link":"https:\/\/tech9labs.com\/blog\/2020\/05\/19\/managing-the-cyber-risks-of-work-from-home-wfh\/","title":{"rendered":"Managing the Cyber Risks of Work from Home (WFH)"},"content":{"rendered":"<p>Across the world,\ncompanies and governments are rapidly taking responsible measures to protect\nthe health of their employees and citizens\u2014including asking people to work\nremotely.<\/p><p>Sales, Accounting,\noperations, human resource staff, the C-suite, and other workers are logging\ninto company sites applications, attending online meetings, webinars for\ntrainings and accessing sensitive company data via the internet\u2014in many cases\nthrough their home computers and private mobile phones.<\/p><p>While digital\ntools offer excellent support for work from home workers, shifting work\npatterns on such a massive scale can have serious unanticipated implications\nfor IT and cybersecurity. Is your company adequately prepared for the changes\nin your cybersecurity risk?<\/p><p>Consider the\nimplications of workers clicking on an ad promising a COVID-19 cure, vaccines\nor drug, or opening an email attachment\u2014from what appears to be a legitimate\nhealth agency offering pandemic updates\u2014that embeds software designed to\ncompromise security. Or what if a worker is manipulated by social engineering\ntechniques to follow instructions from a cybercriminal claiming to be from the\nemployer\u2019s IT support or help desk.<\/p><p>Does your\ncompany have adequate provisions in place to prevent workers from downloading\nmalware that could be used to collect passwords providing access to payment\nsystems, personnel records, personal customer data, intellectual property, and\nother important assets?<\/p><p>By implementing\nseveral practical training, process, and technology measures, companies can\navoid adding a cyber crisis to the challenges associated with COVID-19 and\nlockdown impact. There are recommendations to companies to take the following <strong>seven<\/strong>\nsteps to protect their corporate assets.&nbsp;These recommendations will\nstrengthen companies in running their operations without additional burden of a\nsecurity incident and wasting productive hours in managing those security\nbreaches and focus on sustaining and increasing the sales and revenue of the\ncompany.<\/p><p><strong>Seven recommendations to protect\nagainst Cyber risks during Work from Home operating model:<\/strong><\/p><ul class=\"wp-block-list\"><li><strong>Assess Core IT Infrastructure For Remote Working<\/strong><ol><li>Endpoints- MAC Address record +Access only to authorized users.<\/li><li>Connectivity- VPN + MFA, Shift to WVDI- faster and safer in comparison with VPN.<\/li><li>Enterprise Infrastructure- Configure core infra assets to accept remote connections, increase the capacity if require.<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Secure Applications and Devices for the Remote Employees<\/strong><ol><li>Encrypt and install firewall in all the end point devices<\/li><li>Secure Access to company systems- IT should monitor the logs.<\/li><li>Make sure cyber-incident response processes are robust tried and tested.<\/li><li>Install remote-collaboration safeguards<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Embed Cybersecurity into Business Continuity Plans<\/strong><ol><li>Guarantee emergency Security Access<\/li><li>Train backup teams and enable remote support<\/li><li>Put clear communication plans in place<\/li><li>Capability to rewrite policies and process and adopt rapidly.<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Make the Newly Remote Workforce Aware of the Added Security Risks<\/strong> <ol><li>Train workers to use new tools and features securely<\/li><li>Establish protocols for remote workers to authenticate each other.<\/li><li>Prepare a guidance library, best practices<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Establish Protocols and Behaviours to Prepare for Secure Remote Working<\/strong><ol><li>Increase the capability of helpdesk, train them. MFA for remote control etc.<\/li><li>Explicitly define ways to work remotely<\/li><li>Document, announce, and provide for remote meetings, digital collaboration, and file sharing<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Embed Cyber security in Corporate Crisis Management<\/strong><ol><li>Update cyber crisis management plans<\/li><li>Ensure that mission-critical technology and personnel are always available<\/li><li>Provide frequent, coordinated cyber security announcements<\/li><\/ol><\/li><\/ul><ul class=\"wp-block-list\"><li><strong>Update Access and Security Measures<\/strong><\/li><\/ul><p>Executives\nand other key staff who handle sensitive data are particularly critical but\noften less familiar with technology and its risks. Cybersecurity and identity\nmanagement teams should limit their access and provide upgraded security\nmeasures to reduce the risk of compromise. Following measures can be\nimplemented for strengthening the control for C-Suite Executives:<\/p><ol class=\"wp-block-list\"><li>End point Encryption, Password\nbest practice, Create 2<sup>nd<\/sup> network separate from personnel network<\/li><li>Two factor authentications (Mail,\nVPN, VDI, ERP, core apps)<\/li><li>Implementation of\nAnti-ransomware, EDR on the laptops\/desktops, backup of the critical, sensitive\ndata.<\/li><li>Extra monitoring of their email\nflow (In, out)<\/li><li>Suggest and train family\nmembers to handle social activities cautiously<\/li><li>Verify all financial\ncommunications before acting on the mail-based funds transfers, check email\naddress and report if looks suspicious<\/li><li>Do not open unsolicited\nattachment and mails.<\/li><\/ol><p>Cyber-attacks\nare like the COVID-19 virus itself. Patching your systems is like washing your\nhands. And not clicking on phishing emails is like not touching your face.<\/p><p>Taking these\nrelatively straightforward steps at both an enterprise and individual level\nshould help address some of the most common security risks facing our home-working\nenvironments. We should also recognize that our threat environment is not\nstatic, which means it&#8217;s important to keep a close eye on evolving threats to\navoid unnecessary additional costs and disruptions in a time when we can least\nafford them.<\/p><p>The necessary technologies, digital tools, and procedures for mitigating the cyber security threat are available and can be implemented in a holistic and comprehensive manner with modest effort and expense.<\/p>","protected":false},"excerpt":{"rendered":"<p>Across the world, companies and governments are rapidly taking responsible measures to protect the health of their employees and citizens\u2014including asking people to work remotely. Sales, Accounting, operations, human resource&#8230;<\/p>\n","protected":false},"author":2,"featured_media":424,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[92,67],"tags":[103,99,100,101,102],"class_list":["post-423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","category-security","tag-covid-19","tag-cyber-risks","tag-cybersecurity","tag-wfh","tag-work-from-home"],"_links":{"self":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/comments?post=423"}],"version-history":[{"count":1,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/423\/revisions"}],"predecessor-version":[{"id":425,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/posts\/423\/revisions\/425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/media\/424"}],"wp:attachment":[{"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/media?parent=423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/categories?post=423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech9labs.com\/blog\/wp-json\/wp\/v2\/tags?post=423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}