With the need for new ways to keep business moving, new risks are added to the equation. Luckily, some simple things can be done to make immediate impacts on those risks and to help protect your business without opening up the door to new attacks that could bring operations to a screeching halt, expose client data, or create irreparable harm to your reputation.
Let’s get straight to the actionable remote-work cybersecurity recommendations your company can implement to reduce risk as your attack surface expands.
- Secure Outlook web clients with our Business Email Compromise Plan of Action and Milestones (POA&M).
- Enact and enforce dual approval for financial transactions.
- Consider purchasing additional endpoint protection licenses for workers using personal computers at home.
- Secure cloud-based accounts by enforcing multi-factor authentication and by turning on user audit and activity logging (where possible).
- Review your incident response plan. Ensure individuals with roles and responsibilities are aware of their functions.
Follow a plan of action
We’ve put together a plan of action with some basic steps every business should implement to secure their web-based email and action items for working from home. Simple actions such as turning on multi-factor authentication, audit logging, and alerting can help secure your business during these pressing times.
Plan of Action & Milestones – Email
While considering your work-from-home protections, ensure your Office 365 email systems have been hardened. We’ve created a plan of action for securing your email and recovering from a business email compromise attack. You can download our business email compromise protection and recovery plan of action here.
Plan of Action & Milestones – Working From Home
We’ve also created a plan of action for all items in this blog. To protect your business and employees, utilize Rigid Bits’ working from home plan of action. You can download our working from home plan of action here.
Enforce dual approval
When colleagues are not working side by side, it may be even more critical to use a policy of dual approval for any financial transactions. If your business regularly sends wire transfers, ensure two humans have reviewed the wire transfer routing and bank account numbers. If you’re being asked to send to a different number because of an unforeseen change, that’s a big red flag.
Protect home assets
While the computers in your office may have endpoint protection, it’s possible home computers do not. Consider extending your licensing agreement to allow employees to install endpoint protection on their personal home computers.
Secure cloud-based accounts
This is a great time to take an inventory of the cloud-based systems your employees rely on for work. For each of these systems and applications, review the settings and configure them to enforce multi-factor authentication and, where possible, enable user audit and activity logging.
Review your IR Plan
It may be more difficult to put out cybersecurity fires during this time, so it’s worth reviewing your incident response plan. Also, you’ll want to make sure employees with IR roles and responsibilities are up to speed and aware of their IR functions.
Be aware of attacks
In addition to the above actionable items, it’s important to stay vigilant against malicious phishing emails. Hackers do not take days off; they pounce on weakness. Consider reminding your employees of their commitment to protecting the company as they work remotely. They are likely to see an increase in phishing emails, including tricks that use world events and hot topics.
Remember these tips when considering clicking on links or downloading files:
- Identify appeals to emotion and a sense of urgency
- Use stop and think. Take your hands off the keyboard and mouse and pause
- Forward suspicious emails to your help desk or designated representative for review
Reach out for more
Each business has its own unique risks, which you can learn more about for free with the help of our friendly staff. We’re here to help you identify your cybersecurity risks and learn more about what you can do to mitigate them, no matter your size or industry.
Dustin Mooney is a Co-Founder and Principal Consultant at Rigid Bits, a cybersecurity firm that helps businesses identify and reduce their risks, meet compliance and 3rd party requirements, and become more resilient in the face of cyber threats. Contact Rigid Bits at firstname.lastname@example.org or learn more at www.rigidbits.com.
A Note From FCIS:
Even if you are aware of the potential cyber security risks of work from home environments and have taken steps to mitigate them, sometimes the unexpected does still happen. That’s where insurance comes into play.
In addition to helping you analyze the cyber security issues your business may face, FCIS is here to assist you in finding the right insurance policy to protect against liability and cover regulatory proceedings and reporting obligations, loss of income, and even cyber extortion.
Ready to get started? Contact us today.