Here is Tip #3 for National Cybersecurity Awareness Month: Make working from home safer.
Cybercriminals aren’t just trying to exploit weaknesses in employees — they’re also targeting equipment and gaps in your processes. Here are a few areas open to attack:
Improperly configured access: Giving users more permissions than are necessary can lead to more information being lost and more damage being done to your network, customers and reputation.
Missing equipment: The likelihood of a laptop going missing is high. Lack of disk encryption makes it easy for cybercriminals to access data and network resources.
Personal equipment: If employees conduct business operations from their personal computers, you cannot manage the security of the device, which increases the risk that your network will be compromised.Unencrypted emails: With more remote workers, the risk that sensitive information can be obtained from emails that aren’t encrypted is even higher.
Steps you can take
– Ensure users are only given permissions to access the data needed to do their job, and give their account the lowest level of privilege that is needed for access.
– Configure access control lists within your environment to prevent unauthorized devices and users from being able to access sensitive systems or data. Also, do not allow users to have local administrative privileges on their computer.
– Implement full disk encryption on remote devices and encourage employees to shut down their devices at the end of the day, or even when they leave their home during the day. Remind them not to leave their computers in their cars, and to be diligent regarding their home security.
– Allow employees to conduct their duties on organization-provided computers only. It is critical that you are able to manage the security of devices connecting to your network.
– Implement an email encryption solution and require employees to encrypt their emails when sending sensitive information. Many email encryption solutions also include the ability to configure “trigger” items that, when identified in an email, will automatically encrypt if the user did not already choose to encrypt the message.