CORONAVIRUS: WFH Security Steps That Companies Can Take to Prepare for COVID-19 Challenges
It’s no secret that the novel coronavirus, or COVID-19, has become a global issue with the World Health Organization declaring it a pandemic as recently as March 10th[1]. But what does that mean for businesses and organizations who must keep operations going for as long as possible? Having a business continuity solution has become imperative amid growing concerns. A business should always be considering the well-being and health of its staff and employees, so it’s no surprise that more and more people are working from the safety of their homes. Here, we will look over how to be cyber secure and have business resiliency if COVID-19 continues to spread and drastic measures continue to be taken.
Step 1: Setting up cyber secure remote work environments:
Many businesses and organizations are prioritizing the health of their employees by allowing them to work remotely from home. However, as a work force shifts to working remotely, company firewalls, DNS, and IDS/IPS are rendered ineffective. Rule number one when working remotely: use a secure WiFi network. Having a VPN, or a Virtual Private Network, grants you the additional security that will protect you from any possible lurking eyes. If you send your data through an unsecured WiFi connection, you lose the power of privacy, making it possible for cybercriminals to intercept your data. This is even more true with public WiFi networks that you can get from coffee shops, libraries and the like.
Rule number two: secure your home workstation. Your office workstation will typically have fully patched and updated anti-virus and anti-malware software, and it’s important to treat your remote workstation with the same amount of care.
Step 2: Having an Intelligent Business Continuity Plan:
Few companies can afford disruption to their services for a prolonged period. For the small to medium size businesses, a day to a week of downtime could be a death sentence. For large companies and corporations, a day to a week of downtime can result in millions of dollars lost.
Communication during and following an emergency presents a variety of challenges. So, crafting an employee safety and communication plan that works is absolutely essential. The specifics will vary widely from company to company, but your emergency safety and communication plan must address how the company will ensure employees are safe during a disaster event; and how it will communicate essential information to employees following the event.
The same is true with data, considering it’s essential for all types of organizations today. Ensuring access to applications and data following a disaster is critical, but it’s just one piece of the BCDR puzzle. Evaluating your business’ ability to restore IT operations can be a good starting point for company-wide Business Continuity efforts. Good BCDR planning should look at the business as a whole, and the goal should be to develop business resilience.
Feel free to Contact Us for more information.
Top 4 Fraud Trends of 2020 and How Criminals are Targeting YOUR Business
Fabrication
Ransomware
The “R word” can send chills down the spine of any business owner, and for good reason. Two cities in Florida were forced to pay over a million in aggregate bitcoin ransom, only after losing access to phone and email systems for multiple weeks. Municipalities are not alone, and a quick glance at data breach news headlines on any given week will reveal SMB attacks as well.
Account Takeover
Understanding how criminals are targeting your business or vertical is a fundamental component of any sound cybersecurity strategy. Nevertheless, “the nature of work for a CISO is often reactive”, tasked with establishing a Security Operations Center filled with analysts who are looking to spot a needle in a haystack. On the other hand, the commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency of breaches, many of which are executed by non-sophisticated hackers. Solving account takeover fraud at the small business and medium enterprise level in today’s world requires purpose-driven teams and technologies that can protect your business smarter and more efficiently.
Universities and Municipalities
Just last summer, three US universities disclosed data breach incidents within a two-day span. However, this pales in comparison to 2018’s highlight. In March 2018, nine hackers who breached 144 US universities were charged with stealing 31 terabytes of data worth roughly $3.4 billion in intellectual property. Such breaches have a ripple effect across all verticals and companies, driving consumer awareness and raising the standard for cybersecurity for everyone. In Canada, the University of Ottawa, City of Saskatoon and City of Burlington all experienced ransomware through simple email compromises.
How Can E-Tech Help?
Dark Web Monitoring
Security researchers estimate that in the first half of 2019 alone, 23M+ credit and debit card details were being sold in underground forums. Once such data dumps hit the Dark Web, cybercriminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes. Dark Web Monitoring is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Get a Free Dark Web Scan Today.
Cyber Security Awareness Training
The number 1 reason people are victimized by cyber crime is human error. No industry is safe from cyber security threats – even experts like us are targeted by cyber criminals. That’s why we recommend our all-in-one comprehensive advanced Cyber Security Awareness Training Program, to keep you and your employees safe from the dark web. Our Training includes: a presentation to your employees, advanced training modules and course completion certificates, phishing email simulators and fully detailed reporting. Try our Free Cyber Security Training Module.
Top 10 Cybersecurity Tips:
- Create unique passwords and enforce multi-factor authentication for all network users.
- Install spam-filtering solutions with anti-phishing capabilities across your network.
- Leverage web-filtering programs that block phishy websites.
- Prepare for cryptojacking attacks.
- Purchase SMB security suites that include Dark Web monitoring.
- Involve all stakeholders in raising cybersecurity awareness across your organization.
- Assess your organization’s information, protection, and access regularly.
- Ensure that all third-parties have cybersecurity protocols and policies in place.
- Build a cybersecurity incident response plan (CIRP) and democratize key information.
- Partner up with experts to train your employees every month.
What Are The 3 Fundamental Goals of Cyber Security?
If you are like most owner-managed companies, the internet is an indispensable tool for success in today’s digital economy. Going online allows you to communicate with current customers and reach out to new ones to grow your business.
Of course, this is old news – but what people fail to think about is that being online should go hand in hand with being safe and secure.
As a business, you owe it to your customers, suppliers, and employees. But most of all, you owe it to yourself. What are the consequences of not being cyber secure? The cost in both time and money can destroy in a few minutes all that you have created and worked to build up over many years.
Cyber security is about protecting your information, which is often the most valuable asset a business will own.
What are the 3 fundamental goals of cyber security?
(a) confidentiality – any important data you have should only be accessible to the people or systems to which you have given permission;
(b) integrity – the assets themselves and the information they contain must continue to be complete, intact and uncorrupted; and
(c) availability – all systems, services and information must be accessible when required by the business or its clients.
To achieve and maintain these goals, good cyber security requires:
(i) determining the assets that are so important to the business that they need to be kept secure at all times;
(ii) identifying the threats and risks;
(iii) identifying the safeguards that should be put into place to deal with these threats and risks;
(iv) monitoring the safeguards and assets to manage security breaches;
(v) responding to cyber security issues as they occur; and
(vi) updating and adjusting safeguards in response to changes in assets, threats and risks.
How do you determine which are your most important assets? It’s especially hard when they are all called upon in the course of a day or a week to perform functions on which you depend.
Every business will answer this question in its own way, but any analysis must include the assets without which the business could not operate if a threat took them down for any extended period.
The term “threat” refers to any potential danger to the business, its assets or employees. Some of these threats can come via nature, like a fire or flood. A simple solution to natural disaster is to refrain from storing all your eggs in one basket, or to diversify your portfolio. Basically, you should have a proper business continuity plan.
But threats are most likely to originate from individuals inside or outside the organization. Whether it’s cyber criminals maliciously attacking you with phishing emails, malware, ransomware, or social engineering attacks – or your employees “accidentally” deleting crucial data, it’s imperative to have the right safeguards in place and to keep your staff alert with cyber security awareness training.
Safeguards are anything you can use to counter threats and reduce risk. They can be either software or hardware but most importantly they are management policies and specific procedures for everyone in the organization to follow, including clients.
A big part of cyber security involves being alert to things that seem to be “out of the ordinary”. Employees must always feel that they can report security concerns, observations or questions to someone in authority who will listen to what they have to say, document what has occurred and take appropriate action.