Here is Tip #2 for National Cybersecurity Awareness Month: Mitigate threats due to remote workers.
Organizations are more vulnerable now that the majority of the workforce is remote due to the COVID-19 pandemic, and cybercriminals are ramping up their efforts to break through your security.
A few of the things cybercriminals have been taking advantage of are:
- Email phishing: These attempts try to get your team to click a link or download a file that will expose their login data or open the gate for a ransomware attack.
- Unencrypted/insecure connections: These connections between employees and your network can allow attackers to intercept traffic and obtain sensitive information.
- Poor patch management policies: Poor patch management leaves devices vulnerable to new attacks. New vulnerabilities are identified daily, and hackers are quick to search for systems that haven’t been patched in order to exploit them.
- Weak password policies: Weak passwords can make it easier for attackers to get in when policies allow for dictionary words or other easy-to-guess passwords.
Steps you can take
To help keep cybercriminals out, take these four steps:
- Conduct regular security awareness training that teaches employees to identify and report suspicious e-mails. Additionally, instruct them on the dangers of clicking links in e-mails and downloading files, especially from sources they do not know or trust.
- Establish a Virtual Private Network (VPN) that uses strong encryption for employees to connect to your internal environment from their homes. This will make it immensely more difficult for an attacker to intercept and view the data being sent back and forth.
- Implement a patch management program that is able to manage updates to remote devices over a VPN connection. Also, instruct your employees to shut down their devices nightly to ensure patches are installed fully.
- Implement a strong password policy and a password filter that prevent the use of easily guessable passwords and dictionary attacks. Additionally, implement multifactor authentication for remotely logging in to company resources.