- Train all your employees on how they can help protect your organization against cyber threats.
Enlisting your employees and other stakeholders in protecting confidential data is critical for protecting your organization’s confidential data. Cybersecurity awareness training helps employees learn about dangers they may face and how they should respond. You might even consider training your contractors and vendors as well.
Refresh cybersecurity awareness training as new threats emerge. Requiring employees to complete cybersecurity awareness training at least annually helps them remain aware of security issues as they do their work.
- Regularly update antivirus and firewall software when patches and new versions are released.
Antivirus and firewall products work best when used together as they complement one another. On a daily average, hackers attack organizations about 2,244 times, according to SOURCE. [MS1]
Antivirus and Antimalware solutions scan for signature files that may harm your enterprise. Firewalls allow managing internet traffic through specific ports – open only the ports necessary to access applications and data. Ideally, consider selecting antivirus and firewall solutions that support centralized management by IT and automatically apply updates rather than relying on the employee to update them manually.
- Chose cloud storage over local data storage for sensitive data.
Using secure cloud services to store and secure confidential customer and employee data is a cost-effective, convenient, and easily accessible alternative to companies hosting their own storage servers. Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) are among the most popular cloud service providers. Cloud service vendors provide the security and backup of their environments, offloading many of those tasks from in-house IT staff.
- Discourage the use of USB sticks and external hard drives.
Before cloud services became popular, employees used external storage devices like USB sticks and hard disks to access important files wherever they go. While these devices’ portability and convenience were appealing, the risk of losing critical company data was high. Companies can now offer their teams cloud-based storage for their work files, which provides a better and safer alternative than USB sticks and external hard drives.
- Provide a Virtual Private Network (VPN) to be used for all remote connections to your systems and data.
A Virtual Private Network is one of the safest ways to create a secure connection over the internet. VPN software enables business travelers and remote employees to use most Wi-Fi and wired internet connections to connect their device to the company network securely.
However, employees should still be mindful of which Wi-Fi networks they may consider using and evaluate the Wi-Fi connection provider’s trustworthiness. Some Wi-Fi hotspots may be malicious, while others may lack encryption and be easily intercepted by cybercriminals.
- Require employees to enable WPA2 on their home routers when connecting remotely.
Home routers are a critical piece in ensuring a secure remote connection to your organization’s network. The router processes all internet traffic going connecting from the devices tied to it. An insecure router or home network could cause a cyber breach of your organization’s data.
Home routers should use WPA2 security, which requires each new device that connects to the router to enter a password to establish an internet connection. All employees working from home should confirm that their router settings are configured to use WPA2.
- Require strong passwords that are changed regularly.
Remind employees to change their Wi-Fi network’s password regularly, just as they periodically change their passwords for business apps that access sensitive data. Wi-Fi networks should use strong passwords that are a minimum of eight (8) characters that include alphanumeric and special characters.
- Utilize two-factor or multi-factor authentication.
Practically everyone has at least once been the victim of a hack or attempted hack of their accounts or devices. The scary reality is that many of us are just one data breach away from having our entire internet life turned inside out. The same risk applies to enterprise data.
One of the best ways to avoid getting hacked is by enabling two-factor or multi-factor authentication (often called 2FA). No matter how long and unique passwords are, passwords alone are insufficient to secure data. People may inadvertently provide their credentials when requested by scam phone calls or phishing websites and emails. 2FA can stop up to 99.9% of automated attacks. 2FA may send a message to your mobile phone with a one-time password.
- Provide your remote team the tools and IT Support they need.
During the past year, the world has adapted to a work-from-home culture. Ensure employees have the technology required to be successful, including providing them with up-to-date mobile devices and laptops along with VPN, antivirus, and antimalware software. Monitor vulnerable business applications, require strong passwords for all applications and institute session timeouts and logouts after a brief period of inactivity. Develop best practices for working remotely and communicate them regularly to employees.
The post Nine Cybersecurity Best Practices for Organizations with a Remote Workforce first appeared on SecureFLO.
*** This is a Security Bloggers Network syndicated blog from SecureFLO authored by Santosh Kumar. Read the original post at: https://secureflo.net/2021/02/12/nine-cybersecurity-best-practices-for-organizations-with-a-remote-workforce/