We’ll skip the reminder that things are volatile right now. Let’s get straight to the actionable remote work cybersecurity recommendations that your company can implement to reduce risk as your attack surface expands.
- Secure Outlook web clients with our Business Email Compromise Plan of Action and Milestones (POA&M).
- Enact and enforce dual approval for financial transactions.
- Consider purchasing additional endpoint protection licenses for workers using personal computers at home.
- Secure cloud-based accounts by enforcing multi-factor authentication and by turning on user audit and activity logging (where possible).
- Review your incident response plan. Ensure individuals with roles and responsibilities are aware of their functions.
Follow a plan of action
We’ve put together a plan of action with some basic steps every business should implement to secure its web-based email, along with action items for working from home. Simple actions such as turning on multi-factor authentication, audit logging, and alerting can help secure your business during these pressing times.
Plan of Action & Milestones – Email
While considering your work from home protections, ensure Office 365 email systems have been hardened. We’ve created a plan of action for securing your email and recovering from a business email compromise attack. You can download our business email compromise protection and recovery plan of action here.
Plan of Action and Milestones – Working From Home
We’ve also created a plan of action for all items in this blog. To protect your business and employees, utilize Rigid Bits’ working from home plan of action. You can download our working from home plan of action here.
Enforce dual approval
When coworkers are not side by side, it may be even more critical to use a policy of dual approval for any financial transactions. If your business regularly sends wire transfers, ensure two humans have reviewed the wire transfer routing and bank account numbers. If you’re being asked to send to a different number because of an unforeseen change, that’s a big red flag.
Protect home assets
While the computers in your office may have endpoint protection, it’s possible home computers do not. Consider extending your licensing agreement to allow employees to install endpoint protection on their personal home computers.
Secure cloud-based accounts
This is a great time to take an inventory of the cloud-based systems your employees rely on for work. For each of these systems and applications, review the settings and configure them to enforce multi-factor authentication and, where possible, enable user audit and activity logging.
Review your IR Plan
It may be more difficult to put out cybersecurity fires during this time, so it’s worth reviewing your incident response plan. Also, you’ll want to make sure employees with IR roles and responsibilities are up to speed and aware of their IR functions.
Be aware of attacks
In addition to the above actionable items, it’s important to stay vigilant against malicious phishing emails. Hackers do not take days off; they pounce on weakness. Consider reminding your employees of their commitment to protecting the company as they work remotely. They are likely to see an increase in phishing emails, including tricks that use world events and hot topics. Remember these tips when considering clicking on links or downloading files.
- Identify appeals to emotion and a sense of urgency
- Use stop and think. Take your hands off the keyboard and mouse and pause
- Forward suspicious emails to your help desk or designated representative for review