We do so many things on our smartphones: We stay in touch with friends and colleagues, we do our banking, we look for work, and so much more. Unfortunately, while phones have made it easier than ever to go about our everyday lives, they also offer another way hackers can reach us by gaining access to our money and private files. While hacking may look different than it did when home computers first became commonplace, some old school tactics are still in use alongside the new and insidious approaches hackers use to gain unauthorized access to our devices. Even if you are pretty tech-savvy, you may be inadvertently exposing yourself to risk.
Hackers target our phones for a wide variety of reasons, but there are steps you can take to protect yourself. If you think you have been hacked, please read our blog post: Hacked? Here’s What to Know (& What to Do Next). To help safeguard your smartphone as well as any networks it connects to, you and your team should be reviewing your security practices regularly.
Why Hackers Target Phones
According to the Pew Research Center, 81% of Americans use smartphones. This ubiquity partnered with the fact that many shopping apps (particularly Android apps) contain high-level security vulnerabilities. Many apps also transmit unencrypted user data, making smartphones easy targets for hackers.
To Steal Your Money or Financial Information
Ransomware attacks aren’t limited to desktops and laptops. A ransomware attack could paralyze your phone, keep you from accessing critical files, and allow unauthorized users to access sensitive personal data. The basic anatomy of a ransomware attack involves hackers tricking users into downloading malicious software (malware), which they use to take control of the device and lock users out. The hacker then threatens to delete critical files or release private information unless the user agrees to pay the ransom. While some users may be tempted, paying the ransom doesn’t guarantee you will regain control of your device or your data.
In one case, a third-party Android app promised users it would optimize their system, but instead stole money from their PayPal accounts. This wasn’t technically a phishing attack, since the login process was legitimate, but once users logged in malware initiated the automatic PayPal transfer. Other hackers target victims’ wallets by tricking them into downloading fake mobile payment apps. Once victims have entered their payment information, the hacker can do things like empty your bank account or charge purchases to your credit card.
To Eavesdrop on Your Phone Calls
While phone calls may seem old fashioned to some people, the truth is we talk about a lot on the phone. Even if you don’t use your phone to stay in touch with loved ones or discuss sensitive business information with colleagues or clients, you may have to call your bank or the government to access services. During calls with your bank, you will likely discuss your banking details, and calls to the government will inevitably require answering verification questions and confirming your social security number.
There is currently a flaw (called SS7) in the US cellular exchange that allows hackers who know a target’s phone numbers to listen to calls, read text messages, and view user’s locations. Even though US agencies have known about this issue for some time, they have yet to take action to address it, leaving American’s phone privacy at risk.
To Blackmail You
Blackmail is nothing new, but the tiny computers we carry around in our pockets contain more personal information than our desktops and laptops do, making them tempting targets for hackers.
A typical blackmailing hack may go something like this: The hacker obtains some personal information on the victim that is already available on the black market, likely as a result of a previous, unrelated breach. They use this information to trick the victim’s phone company into believing they are the user and convince the company to transfer the victim’s number to a new phone owned by the hacker. When phone companies transfer numbers, they often transfer all the information on the old phone as well, which hackers can then use to blackmail their victims. In order to regain access to their personal files, victims may feel pressured to give in to the hacker’s demands or pay a ransom.
To Mine Cryptocurrency
Any computing device, including smartphones, can be hijacked by hackers and used to mine cryptocurrencies such as Bitcoin. This attack is referred to as cryptojacking. For more information on cryptojacking, and what steps you can take to safeguard yourself, please read our blog post Cryptojacking: Because Every Currency Needs to Be Protected.
To Gain Access to Your Company
Even if hackers target your phone, you may not be their primary target. A large percentage of office workers are currently working from home, which means many of us may be using our personal smartphones for business purposes. While working in a BYOD (bring your own device) exposes companies to risk providing work laptops and work smartphones for every employee may be cost-prohibitive. Fortunately, there are steps companies and workers can take to safeguard their devices and the company network. For more information, please read our blog post, Keeping Your Network Secure in a Bring Your Own Device World.
Just For Fun & Fame
While many hackers are motivated by financial gain, some hack others for entertainment or to gain fame in hacker circles.
Cybersecurity Steps You Can Take to Protect Yourself
Stay Away From Third-Party App Stores
One of the easiest things you can do to protect yourself is to avoid third-party app stores; only download apps from trusted sources such as the Apple app store or the Android app store. However, hackers and other malicious actors have been able to penetrate these platforms as well, and some rogue apps have slipped through, so while this rule will reduce your odds of downloading a malicious app, it doesn’t completely eliminate risk.
Keep an Eye on Your Settings
Checking your phone’s settings can help you spot suspicious behavior. If your phone seems to be chewing through its battery more quickly than usual or appears to be running more apps than you currently have open, it may indicate a hacker has downloaded and is running a malicious app on your device without your knowledge.
Wait Before You Download
While you may be tempted to download that shiny new app as soon as it launches, waiting can help you ensure that new apps are free of serious security flaws. Waiting also gives developers a chance to issue patches to address any issues that do come to light.
When in Doubt, Don’t Click
Whether you are using your smartphone, desktop, or laptop, if you:
- Encounter a suspicious site
- Are sent a suspicious link
- Stumble across a sketchy looking popup
- Notice that there are apps on your phone you don’t remember downloading
You should stop using your phone until you can get some answers. If you think you may have been hacked, you should contact your MSSP right away for advice and next steps.
Not every organization can afford to support a full team of IT experts, but that doesn’t mean you can’t benefit from expert knowledge and advice. By leveraging your Managed Security Services Provider (MSSP), you can help keep your digital assets secure no matter how large or small your IT department is.
What Defines an IT Light Environment?
A company can be IT light in several ways: either light from a staffing perspective, light from a technology perspective, or both. Staffing IT light organizations have minimal internal IT staff, and may not even have a dedicated IT person on staff at all but may instead rely on one or more employees who split their time between IT tasks and their main job. This approach can be problematic as it often forces IT employees who wear several hats to focus on reacting to situations instead of addressing them proactively as the bulk of their attention must be allocated to non-IT tasks.
A technology IT light organization may have one or more dedicated IT personnel on staff, but may have small or limited IT needs or rely on IT solutions that are not sufficiently robust or comprehensive. This may be because their dedicated IT person is unsure of the best course of action or simply doesn’t know that there are better products and services available to meet your organization’s needs. Either type of IT light organization can benefit significantly from the expertise offered by an MSSP to both safeguard their digital assets and ensure their IT needs are met.
Leveraging Your MSSP
When most people think of MSSPs, their first thoughts turn to cybersecurity. While a robust cybersecurity posture is critical for any organization, a great MSSP can help supplement a skeleton crew of internal IT professionals or help you choose the right technology to suit your needs and fortify your IT infrastructure effectively. A great MSSP will help ensure your network remains secure and advise you on best IT practices to boost security and potentially even improve your network framework and performance.
A MSSP can help lessen the workload of your internal IT team and offer valuable advice. One of the biggest benefits of partnering with an MSSP is that you can access an entire team of IT and cybersecurity experts without having to hire and support a large internal team. Outsourcing your IT and cybersecurity means the cost to support that team is defrayed. Additionally, no one IT or cybersecurity expert can know everything, so relying on an entire team allows you to access more knowledge than even the most experienced internal IT or cybersecurity person can offer and doesn’t require you to hire, pay, and retain high-cost IT and cybersecurity employees.
Get a Heads Up on Potential Issues & Cybersecurity Attacks
MSSPs are also well connected, making them an excellent tool to have in your toolbox. They typically serve many customers and develop close relationships with vendors. As such, they are often able to spot potential issues before their clients can and formulate a plan to address potential problems before they can manifest. Their close relationship with vendors and expert cybersecurity and IT knowledge also mean they are often in the know regarding potential vulnerabilities and issues before the wider cybersecurity and IT community is, giving you a head start on fortifying your defenses against potential issues and attacks.
Focus on What You Do Best; Leave the Rest to Your MSSP
You aren’t in the IT business, so it doesn’t make financial sense to support a large internal IT or cybersecurity team. By outsourcing your IT and cybersecurity to the experts, you can focus on what you do best and leave the rest to your MSSP. MSSPs can be a strategic asset, identifying gaps and creating roadmaps as well as driving those roadmaps to completion. By relying on an MSSP to do the heavy cybersecurity and IT lifting (such as handling investigations, following up on alerts, and triaging problems), you can free up your staff to focus on your core business. Your MSSP will alert your internal IT or management team when necessary or simply provide notifications of problems that have arisen and already been dealt with.
The entire job of an MSSP is to handle cybersecurity and IT issues. A great MSSP has an entire team of experts working 24/7/365 to keep organizations like yours safe from malicious cyberattacks and disruptive IT issues. Since your MSSP handles all of the IT and cybersecurity staffing, you never need to worry about being left vulnerable by staff turnover or team members taking leave (such as maternity leave). You get seamless, 24/7/365 service at a fraction of the cost it would take to support an internal team of the same size and staffed by the same number of experts. A great MSSP also understands the unique considerations and requirements of your industry, whether you:
Ensuring your IT and cybersecurity needs are met is vital for supporting your daily operations and safeguarding your digital assets. If your organization isn’t large enough to justify supporting a large internal team of IT and cybersecurity experts, you may want to consider partnering with an MSSP. Your MSSP can handle the majority of your IT and cybersecurity tasks, consult with internal IT or management teams as necessary, and free up your staff to focus on your core business.
The healthcare industry continues to lag behind on cybersecurity, even as it is increasingly targeted by cybercriminals.
Why is that, and what can you do to better protect your organization in 2020?
The True Cost of Healthcare Cybersecurity Breaches
When most of us think of organizations being hacked or breached, we think of sensitive data being leaked, causing profits to plummet, or vital documents being held hostage until a ransom is paid. However, when it comes to the healthcare industry, often the true cost of an attack is much more than just money.
The Cost to Patients
The inability to access medical records, lost productivity as systems are down, and money paid to cybercriminals all have a real impact on the health and wellbeing of patients. One famous healthcare-focused cyberattack, the 2019 ransomware attack on the Grey’s Harbor Community Hospital and Harbor Medical Group, forced the hospital and the medical group’s clinics to revert to paper medical records and affect backups. Though most records were recovered, it still isn’t clear if some medical records were permanently lost.
A breach can also damage the relationship between the patient and their doctor, as many patients may avoid seeking medical help if they are worried cybercriminals or other unauthorized users may access their private medical information. These emotional consequences can seriously damage the health and wellbeing of patients and make it more difficult for doctors to rebuild patient trust and ensure their patients are getting the care they need.
The Cost to Medical Science
Depending on the nature of the breach, valuable research data and intellectual property may be damaged or lost, which can delay research into life-saving treatments. That sort of research is invaluable, and its loss can have devastating consequences for the health and wellbeing of potentially millions of people.
The Unique Challenges of Healthcare-Focused Cybersecurity
Research has shown that the healthcare industry is a prime target for medical information theft at least in part because it lags behind other industries in securing its vital data. So why does this industry, whose assets are crucial to human health and wellbeing, lag so far behind?
To begin with, so much of what hospitals do relies on the internet, from patient test results and medical records to the various machines and technologies used to provide patient care. While this interconnectedness is excellent for data integration, patient engagement, and clinical support it also means that a ransomware or other attack can spread quickly between vital systems, accessing patient data and other highly sensitive information, hijacking medical equipment to mine cryptocurrencies, or shutting down entire hospitals or hospital networks until a ransom is paid.
Not All Software Can be Patched
One of the unique challenges of healthcare is that there is a wide mix of equipment. While some equipment is cutting edge, many pieces of healthcare technology still in use were made by companies that are no longer in business or run on old software that has gaping security holes that can’t be patched. That means that even if vulnerabilities are known to exist (which isn’t always the case), there may not be a way to fix them.
The obvious answer would be to move away from outdated software and equipment with known vulnerabilities, but that is easier said than done. While a small or even medium-sized business could handle a temporary shutdown to migrate the entire network over, hospitals and other healthcare facilities don’t have that luxury: the entire system needs to be running 24/7/365.
Shutting down older equipment and transferring all of the data stored on the network can also be incredibly costly. The ability to patch and update software both extends the lifespan of current equipment and reduces costs.
Human Error Can Expose Patient Data
On the data privacy side of things, recent research from the JAMA found that most breaches in medical settings were triggered by unauthorized disclosures or employee error. When multiple shift doctors, nurses, and specialists need to be able to quickly and easily access sensitive employee data, it increases the odds of one person making a mistake that could leave this data vulnerable.
The Biggest Cybersecurity Threats to be Concerned About in 2020
There are a few threats that healthcare providers should be particularly concerned about in 2020. If you are unsure what steps you can take to improve your organization’s cybersecurity posture, please speak to your MSSP (Managed Security Services Provider).
Ransomware was a huge problem in 2019, particularly for healthcare providers, and it is likely only going to get worse. Unlike some other businesses, healthcare providers aren’t able to pause operations to try and get their files unencrypted to avoid paying the ransom. And while some businesses can carry on even if they are unable to recover a few encrypted files, sometimes even a single unrecoverable file, such as a patient’s electronic file or test results, can have disastrous consequences for the health and wellbeing of patients.
Unsecured Medical Devices
Businesses in a variety of industries, including the healthcare industry, have enthusiastically adopted a wide variety of Internet of Things (IoT) devices. In fact, some reports speculate that from 2019 and 2024, we will see a combined annual growth rate of 27.6% for healthcare IoT devices.
However, in 2019 the FDA warned that a cybersecurity firm had identified 11 vulnerabilities that could allow hackers to control medical devices remotely. That report has likely prompted many healthcare providers to take a closer look at their current cybersecurity postures. Hopefully, that focus will continue in 2020 so that these and other vulnerabilities can be addressed.
Unsecured Electronic Health Records
Electronic health records have made it significantly easier for both healthcare professionals and facilities to access patient files, though this system does come with special cybersecurity considerations.
Though there are already privacy laws in place to safeguard sensitive patient data, these laws were mostly written with people in mind, not software. That means that many of these systems remain vulnerable to exploitation by cybercriminals, since the software that many of these systems run on or interface with may have been written in a time before the IoT. Depending on when the software was written, the company may not be around to issue software updates and patches, and even if they are, the software may not be compatible with many necessary cybersecurity updates.
Hopefully, findings like the FDA report mentioned above will encourage the companies that design electronic health record systems to evaluate their software critically so that it can be modified to better safeguard patient data.
How Can Healthcare Organizations Improve their Cybersecurity Posture?
Every organization is different and has slightly different cybersecurity needs. As such, the first thing any organization should do is sit down with their MSSP to identify their cybersecurity needs and create robust yet flexible cybersecurity protocols.
Organizations should also work with their healthcare-focused MSSPs to identify credible threats and create tailored response plans to address those threats. These response plans should be designed to minimize or even eliminate damage to critical systems and help safeguard both vital infrastructure and sensitive data.
To help you get started, please review our blog post Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.
The number of cyberattacks continues to rise every year, and industries that have traditionally been insulated are now more likely to be targeted than they were in the past. As smaller manufacturers aim to stay competitive, many are moving away from analog processes and going digital. While this can be a great way to increase productivity, it can also leave unprepared businesses vulnerable to cyberattacks.
Fortunately, there are a few things businesses can do to help improve their cybersecurity posture. This can include working with experts to evaluate their current defenses, addressing potential vulnerabilities, and investing in employee training.
Is the Manufacturing Industry at Risk?
According to the United States Department of Homeland Security, based on the number of reported cyber attacks, the manufacturing industry is the second most frequently targeted industry in the United States.
Why is the Manufacturing Industry Being Targeted?
Smaller manufacturers are more likely to be targeted than their larger counterparts because cybercriminals often view them as easy entry points into larger manufacturing chains.
Unfortunately, there is still a common perception in the small business community that smaller organizations are too small to be targeted when, in fact, these businesses should be extra vigilant.
What Can I Do to Protect My Business?
There are a few steps you can take to improve your current security posture so you can fend off attacks. However, even the best cybersecurity defenses aren’t completely protected from vulnerabilities, so you should also have protocols in place so that all stakeholders (including management and employees) know how to respond if an incident occurs.
Evaluate Your Current Defenses
Before you can improve your current defense systems, you need to know what your current shortcomings are. A full audit can help you catalog your current defenses, but if you really want to figure out where your weak spots are, you may want to consider a pen test.
A pen (penetration) test involves hiring an ethical hacker to stress test your current defenses. They target your current defenses in an effort to break in and take detailed notes about what strategies they tried and how effective they were. Once the test is done, the ethical hacker sits down with you to review their findings and make suggestions.
Address Potential Vulnerabilities
Now that you know where your potential weak spots are, you can take steps to address them. Most small and medium-sized manufacturers don’t have the resources to support full-time in-house cybersecurity teams, which is why more businesses are choosing to outsource their cybersecurity.
By choosing to work with a cybersecurity company, you can enjoy 24/7/365 monitoring and support. Your cybersecurity experts can help you audit your current defenses, address potential vulnerabilities, create robust yet tailored incident response plans, and help with employee training.
Create Robust Incident Response Plans
It’s always good to have a backup plan. When it comes to cybersecurity, you should always have detailed, robust, and flexible incident response plans in place in case of a cybersecurity attack. These plans should cover potential incidents, identify how a potential threat is detected, and make sure every key player understands their role.
Keep Your Software Up to Date
Keeping your software up to date is one of the easiest steps you can take to help safeguard your company’s digital assets. Whenever a software company discovers a bug or vulnerability in their product, they release patches to fix the issue. However, companies can only take advantage of patches if they update their software.
Unpatched software is particularly vulnerable because software companies announce the patches, and the bugs or vulnerabilities they are designed to fix, which means that cybercriminals now know where to focus their hacking efforts.
Keep an Eye Out for Trouble
You can’t adequately protect your digital assets if you don’t know what threats are out there. Managed threat intelligence lets you keep an eye on your entire operation, alerts you to suspicious activities, and confirms threats quickly so they can be addressed.
Invest in Employee Training
Even the most robust and well-crafted cybersecurity plan is useless if it can’t be implemented effectively. Employees need to understand why cybersecurity is critical and what role they play in safeguarding the company’s digital assets. New employees should be provided with cybersecurity training as part of their onboarding process, and all employees can benefit from annual refresher training.
You may also want to consider running tabletop scenarios. Tabletop scenarios are similar to fire drills: They allow your team to practice responding to potential threats in a no-stakes environment. The facilitator poses a scenario, and your employees work together to address the situation and minimize or even avoid disruption and damage. Once the scenario is finished, your team sits down and reviews their findings, identifying gaps in your current protocols or employee knowledge so that they can be addressed.
Cybercriminals are increasingly targeting the manufacturing industry, and smaller manufacturers without robust cybersecurity protocols in place are particularly vulnerable. Investing in good cybersecurity is an investment in your business, and MSSP experts are here to help you every step of the way.
COVID-19 & the Sudden Shift to Remote Work
As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.
The Infrastructure & Costs Required to Effectively Support a Remote Workforce
Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).
If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.
Secure Connections & VPNs
Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remote, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).
Leveraging the Cloud
The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
For more information about what the cloud is and learn more about its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.
The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.
Reliable Home Internet
Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.
Shifting to Remote Work Can Help Future-Proof Your Business
By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remote once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top-talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed an experienced MSSP can help.
COVID-19 is changing the way society handles a lot of things, including how we work. As companies rapidly shift to remote workplaces, we can expect there to be a few hiccups along the way. In response to this lack of preparedness, cyber-criminals are increasingly taking advantage of the chaos COVID-19 has caused. Fortunately, there are concrete steps you can take to safeguard your network and digital assets while supporting a remote workforce.
Why Telecommuting, Video Conferencing, & Remote Work Are More Important Than Ever
As companies shut their physical offices and mandate that employees work from home, telecommuting, video conferencing, and remote work are becoming vital tools that businesses need to be able to leverage effectively to stay in business. In some cases, employees who have been told to self-isolate or live in states such as California and Illinois (which have ordered all residents to shelter-in-place), working from home is the only option.
Video conferencing, in particular, has become the lifeblood of many businesses as suddenly far-flung workforces work to stay connected. From important meetings to social situations (such as having lunch as a group), videoconferencing allows businesses to maintain a sense of community and ensure that workers can connect with one another to complete their tasks and achieve their goals.
The Hazards of Remote Work
Bad actors may try to take advantage of the chaos that suddenly pivoting to a remote workforce can bring. When employees work from home, they may be using inadequately protected devices or unsecured internet connections. They may also be more likely to share files over the cloud or send attachments over email.
As the number of emails increase, as employees work hard to keep everyone up to date and in the loop, employees may be less likely to catch suspicious emails (such as phishing scams). If they do suspect something is fishy, they may not know how to properly report it now that they can’t just walk over to the IT department.
It doesn’t help that cybercriminals are taking advantage of the COVID-19 pandemic to spread malware, even going so far as to impersonate trusted organizations such as the WHO and the CDC in an attempt to get unsuspecting users to download malicious files or click on dangerous links.
Safeguarding Your Business From Bad Actors
Fortunately, there are several steps you can take to help safeguard your company’s infrastructure and digital assets.
Implement Good Security Protocols
Without the implementation of robust security protocols in place, your chances of detecting, defending against, and mitigating the damages caused by a cybersecurity attack are very slim. By comparison, the way you would mark emergency exits, practice fire drills, and post evacuation plans in prominent locations to safeguard your employees in the event of a fire, you also need to be prepared to confront and deal with cybersecurity attacks quickly and effectively.
You should work with your cybersecurity provider to ensure that your incident response protocols are up to date and review your protocols with your employees. Depending on your organization’s unique cybersecurity needs, you may need to work with your provider to update or adjust your protocols and policies to ensure that they continue to meet your needs as you switch to a remote workforce.
Smart Data Management
As employees work from home, more information is likely to be shared among them using email, instant messaging apps, and the cloud. Smart data management strategies allow you to ensure that private or sensitive company information isn’t able to be shared with unauthorized users, and also helps ensure that employees can access the information they need to complete their work.
Protect Your Devices
As workforces leave centralized locations such as offices and disperse to their homes, it is more important than ever to ensure that all of your endpoints are protected.
Depending on your company’s current BYOD (bring your own device policy), you may need to consider what steps you are going to take and insist your employees take, to safeguard digital assets and infrastructure accessed from personal devices. At the very least, employees should ensure they have firewalls installed and that their antivirus software is up to date. You may also want to consider providing employees with secure connections and VPNs.
Secure Connections & VPNs
Secure connections and VPNs (Virtual Private Networks) can allow your employees to access company files and networks securely.
- Secure connections refer to connections that are encrypted using one or more security protocols to ensure that data flowing between two or more nodes is secure. The purpose of secure connections is to prevent unauthorized third parties from accessing sensitive data and prevent this data from being viewed or altered by unknown parties. To safeguard data, secure connections require users to validate their identity.
- VPNs, on the other hand, are used to create private networks using public internet connections. VPNs are designed to mask your IP (internet protocol) address, making the user’s online actions virtually untraceable.
Though COVID-19 will, eventually, come to pass, it will likely leave a lasting mark on the world. By making smart investments in your infrastructure and data security now, you can not only safeguard your employees and your company now but help future proof your business.