IT departments across the U.S. are currently facing challenges as COVID-19 is quickly forcing a remote, agile workforce to become the norm. This workforce may have been present in some capacity already; however, the number of users who will begin working this way will strain the technologies in place and the teams that manage them.
Here are a few security measures that can be implemented quickly to help protect corporate assets and users as a whole:
- Remote Access – All connections to and from remote devices should be forced over a VPN or some other encrypted tunnel. Remote administration access, such as Secure Shell (SSH) or Remote Desktop Protocol (RDP), should be forced over VPN connections as well. Some of the most recent ransomware outbreaks have taken advantage of open RDP connections to the internet, which could cause irreparable damage for organizations already struggling to mobilize their workforce.
- Multi-Factor Authentication (MFA) – If logins to corporate assets do not already require MFA, it should become a high priority. Once MFA has been set up, using an authentication application that supplies a One Time Passcode (OTP) is more secure than receiving an OTP via text message or email. Microsoft has guidance for implementing MFA for their Office365 users and how to properly set access using the Microsoft Authenticator App.
- Social Engineering – End users are getting inundated with communications from vendors and other companies detailing actions being taken in response to COVID-19. Now is a great time to remind your staff of the increase in phishing attacks, the characteristics of a phishing attack and how to identify one. Users should be trained to check the sender’s full email address, hover over links and ask, “Was I expecting this email?”
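One way to check the Remote Access item above is to audit inbound firewall rules for SSH or RDP allowed from sources outside the VPN address pool. This is an added example, not part of the original advisory; the rule format, the rule names and the VPN pool 10.8.0.0/24 are constructed assumptions, and each rule is judged on its own rather than by first-match order.

```python
import ipaddress

# Remote administration ports named in the Remote Access item.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules in an assumed export format (not from any real product).
SAMPLE_RULES = [
    {"name": "vpn-rdp", "action": "allow", "source": "10.8.0.0/24", "ports": "3389"},
    {"name": "legacy-rdp", "action": "allow", "source": "0.0.0.0/0", "ports": "3389"},
    {"name": "web", "action": "allow", "source": "0.0.0.0/0", "ports": "443"},
    {"name": "mgmt-range", "action": "allow", "source": "203.0.113.0/24", "ports": "20-25"},
    {"name": "deny-ssh", "action": "deny", "source": "0.0.0.0/0", "ports": "22"},
]


def parse_ports(spec):
    """Turn '3389' or '20-25' into an inclusive range of port numbers."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def exposed_admin_rules(rules, vpn_cidrs):
    """Return (rule name, protocol, source) for allow rules that open
    SSH or RDP to any source not fully contained in a VPN network."""
    vpn_nets = [ipaddress.ip_network(cidr) for cidr in vpn_cidrs]
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        source = ipaddress.ip_network(rule["source"])
        # subnet_of() requires matching IP versions, so compare versions first.
        if any(source.version == net.version and source.subnet_of(net)
               for net in vpn_nets):
            continue
        ports = parse_ports(rule["ports"])
        for port, protocol in sorted(ADMIN_PORTS.items()):
            if port in ports:  # also catches admin ports hidden inside a range
                findings.append((rule["name"], protocol, rule["source"]))
    return findings


if __name__ == "__main__":
    for name, protocol, source in exposed_admin_rules(SAMPLE_RULES, ["10.8.0.0/24"]):
        print(f"{name}: {protocol} reachable from {source}, outside the VPN pool")
```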
Even though convenience and access to corporate systems are critical for companies, security should not be an afterthought. Attackers have created phishing campaigns pretending to be an organization explaining the precautions they are taking, targeting not just company employees but the general public as well. While these campaigns prey on hysteria and human error, it is important to remember that misconfiguration of the technology infrastructure needed to support a mobile workforce also poses a higher risk for organizations in today’s business climate.
For more answers on how to protect against various cybersecurity threats, please contact a member of our DHG IT Advisory team.
About IT Advisory
DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business.