Part 2: Steps To Be Taken By Your Team
If you haven’t yet read our previous piece in this blog series, which explains what steps your organisation needs to take in order to check cybersecurity risks, we recommend that you go through it first to understand this topic better – here. In this article, we cover some of the most important steps your team needs to discuss and create an action plan.
#1. Secure Remote Access to Company Data
If your teams are currently using personal devices for work (BYOD policy), and this is not the norm, then cybersecurity risks are much higher than usual as these machines are not governed and potentially not managed. This means that these machines may not have up to date Anti-Virus, Windows patching in place and have unauthorised/managed applications installed. meaning they can be compromised using known security holes. There are many solutions/strategies that can be put into place by the right Technology Partner, that also matches your business productivity needs while securing your data (crown jewels)
#2. Provide a Secure Connection to All systems/Applications while Remote
If/when a remote machine is compromised, hackers will review the data and access this machine has to the rest of the network or remote network, and “oh yes you help them by having shortcuts and favourites to help them navigate easily”. The next step is usually stealing sensitive business data and then encrypting this data. Therefore, it now more important than ever to make sure your entire remote team are provided:
- Access to data/systems that are required to fulfil there role only.
- Utilise a secure method to connect to data/systems that is being proactively monitored and kept up to date (to remove known security wholes that are published around the world)
- All-access should be secured by Two Factor Authentication (2FA) to remove the risk of capturing your known password or using the saved password on the compromised machine.
- All remotely accessed systems should be proactively monitored 24/7/365 for unusual activity and responded to with full visibility available to you.
#3. Implement Email Filtering and Security Strategies
With large publicity and your team being anxious over common topics at present like Covid this is a daily rapid increasing topic for hackers to utilise. This means email is a common platform to trick your team with unexpected emails asking for a call to action (phishing). These are designed to capture the audience and push for a call to action like capturing your password, request a payment or redirection to a compromised website.
#4. Data Encryption Control
The last thing you want is one of your organisation’s insiders to become the weak link when their workstation gets lost or stolen from them, and it contains your data (crown jewels).
This is much harder to resolve/reduce the risk once you are in this situation, plan now to put measures in place that you can trigger and rest assured the risk is removed quickly, by:
- Encryption of all portable/home situated workstation disks, if Windows 10 you could utilise Bitlocker as an option
- Apply solutions that mean no business data is located on these machines but is accessed via the cloud
#5. Authorised Application for Communication and Data
Ensure your team know what applications are authorised and the process to get an application authorised. Before you know it your business data could be located within an application that is located in the cloud and this may compromise your security or worse break your agreements with your clients regarding the location of their data/personnel data.
Final Thoughts
This isn’t a definitive list of actions your IT team needs to take for improving the cybersecurity strength of your organisation. However, it’s certainly a good place to start.