As many companies adopt work-from-home policies in response to the COVID-19 pandemic, cyber security is a growing issue. Cyber criminals are seeking to exploit the coronavirus to target companies and individuals. As a result, Unit 42, the global threat intelligence team at Palo Alto Networks believes that both business leaders and individual employees have critical roles and responsibilities in securing their organisation and in ensuring that cyber attacks do not further compound the already disrupted work environment.
In this critical time, business leaders have a heightened responsibility to set clear expectations about how their organisations are managing security risk in the new work environments, leveraging new policies and technologies and empowering their employees. “It’s important that messages on security come from the very top of an organisation, and that good examples are set from the start. Here are three recommendations for business leaders.” says Ryan Olson, Intelligence Director at Unit 42, the global threat intelligence team at Palo Alto Networks.
Olson says that management should understand the threats to their organisation. Business leaders should work with their security teams to identify likely attack vectors as a result of more employees working from home and prioritise the protection of their most sensitive information and business-critical applications. They must ensure that home-working policies are clear and include easy-to-follow steps that empower employees to make their home-working environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities. Leaders should also ensure all corporately owned or managed devices are equipped with essential security capabilities, extending the same network security best practices that exist within the enterprise to all remote environments.
On an individual basis, users should maintain good password hygiene by using complex passwords, multifactor authentication where possible and change passwords frequently. They should also ensure that systems and software are updated in a timely manner, and that their Wifi access point is also well secured and maintained.
Additionally, a virtual private network (VPN) can help create a trusted connection between employees and their organisations and ensure ongoing access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, the same way corporate firewalls do in the office.
Importantly and interestingly, Olson suggests that individuals should not mix personal devices and work devices. “Employees should use their work devices to do work and their personal devices for personal matters. If you wouldn’t install or use a service while you’re at the office, don’t do it while at home on your work device.” says Ryan Olson.
“Taking these relatively straightforward steps at both an enterprise and individual level should help address some of the most common security risks facing our home-working environments. We should also recognise that our threat environment is not static, which means it’s important to keep a close eye on evolving threats to avoid unnecessary additional costs and disruptions in a time when we can least afford them.” concludes the Unit 42 director.
Source: Security World Market