When Covid-19 forced global offices to close, there was an urgency for organizations of all kinds – particularly CIOs, CISOs and IT leaders – to secure their remote workplaces.
As the need for remote work grew, so did the threat landscape. For companies not born in the digital age, it has been overwhelming to deal with their first cloud migration and to have to secure their organization in a new way from one day to the next. When those companies made security mistakes, often as a result of human error, cyber criminals were quick to exploit them.
As we now enter the next phase of the new normal, where “work-from-anywhere” is the reality, it is important to pause and remember that the secret to success lies in doing ordinary things unusually well. Much like washing your hands or wearing a face mask during the pandemic, there is such a thing as cybersecurity hygiene. We are happy to promote this because it can make a major contribution to eliminating the risk associated with common cyber threats.
1. Enable Multi-Factor Authentication
Passwords alone are not enough to protect you from common security attacks. Weak or recycled passwords are often the weakest link that attackers like to exploit. As the security landscape evolves, multi-factor authentication (MFA) has emerged as one of the best ways to protect business and customer data. By requiring users to enter two or more ‘factors’ to prove their identity during the login process, MFA can drastically reduce the chances of your password being stolen.
As your cloud migration gets underway, enabling MFA as part of a defense-in-depth strategy, rather than relying on employees to think about strong passwords and keep them safe, can be a key success factor.
2. Patch your devices
Patching corporate devices is a simple, effective, and direct way to protect employees from known vulnerabilities, resulting in greatly improved resilience to common threats such as ransomware. Through patching, corporate devices also automatically add necessary new features, remove obsolete features, and fix performance issues. Encourage employees to patch their personal devices as well.
3. Beware of Covid-19 phishing
While phishing (and vishing) is nothing new, the Covid-19 crisis has encouraged cyber criminals to steal personal information by taking advantage of the confusion surrounding the rollout of financial assistance and other government programs.
As ordinary citizens are victims of these scams, the companies they work for are increasingly affected by loss of productivity or, worse, stolen business data.
Here’s another example of how getting the basics right can help a lot: it starts at the top. If CISOs and IT leaders simply raise awareness of these threats within their company and tell employees how to spot them, security-conscious employees can defuse phishing emails and vishing calls by looking for the warning signs, including:
- Is the subject line incorrect?
- Is the email from a known person or organization?
- Is there anything suspicious about the attachment?
- Is there something ‘phishy’ about the requested login details?
- Is the email badly written?
- Does the message require immediate, urgent attention, or money?
- Does the call come from a known phone number?
4. Secure your connection via VPN
Laptops, phones, and even smartwatches connect to the Internet with varying (and sometimes random) levels of security. By requiring remote employees to use a virtual private network (VPN) on devices with access to corporate data, companies can determine the conditions for sending or receiving sensitive information over otherwise public connections.
In other words, if you were transporting a suitcase full of cash, would you want a courier who speeds down the highway with the roof down and the hundred-euro notes exposed? Or would you prefer a car in a secret, secure tunnel specially built to keep out intruders? A VPN can provide just that.
5. Secure meetings
With high-level video conferencing, it is more important than ever to review the security settings within your web conferencing platform of choice. For example, using a platform’s built-in security features – such as meeting rooms, passwords, and screen-sharing permissions – can be simple but critical steps to manage activity and prevent unauthorized access to meetings. Use unique access codes and meeting access links whenever possible, and turn off ‘beta features’ you don’t need, such as file sharing or live streaming, to minimize human error.
Author: Jim Alkove, Chief Trust Officer, Salesforce