cybersecurity and the new normal

The restrictions imposed due to the COVID-19 crisis have made remote working.  Full scale remote working was not built into most company's existing processes. TIFFIN CYBER offers a few considerations to ensure a smooth, secure and sustainable transition.

Executives may need to retool views on People, Processes and Technology

when helping employees remain productive. 

Check with your antimalware and security vendors, many are currently

offering discounts.

PEOPLE

Maintain regular and consistent communications with remote workers.

  • Schedule frequent check-ins, either 1:1 or in small groups; acknowledge both human and business topics.

  • Provide video conferencing technologies to allow for face-to-face sessions.

  • Over-communicate what is happening within the organization and what is expected of the remote worker. Listen to what is happening in employees' communities.

  • Always leave your virtual door open for personal communications and listen for signs of distress and discomfort, referring employees to HR if necessary.

  • Gratitude is an enormous spirit-lifter.   Be generous with gratitude for employee dedication and flexibility.

PROCESSES

Standardize access controls, modify support processes, monitor.

  • Based on role and access to critical data, determine how you will equip which employees for working remotely and what are acceptable uses for each practice: BYOD, company provided laptops and public computers. 

  • Consider Help Desk and support team processes. Incorporate new procedures and escalation processes where needed. Keep in mind that support teams are prime targets for social engineering. They are trained to be helpful and resolve issues as quickly as possible.  Ensure that support staff understands what has changed, and what user authentication protocols and support actions are most critical in ensuring the safety of company resources.

  • Monitor the network regularly and search for system and behavioral anomalies. Not monitoring? Creating a baseline of acceptable behavior allows organizations to quickly identify malware or inappropriate actions on company resources.

  • Review and revise practices that test the security of the remote devices and company data.

    • Define acceptable and unacceptable apps.

    • Define acceptable connectivity vectors

    • Implement device controls such as idle time log-out and USB usage.

    • Strengthen password requirements such as expiration, length and complexity.

TECHNOLOGY

Deploy or expand usage of technologies that facilitate access and security.

  • Transition to cloud file storage as much as possible secures access and storage of critical data.

  • Use a virtual private network (VPN) whenever possible.

  • Deploy Virtual Desktops to reduce data flow outside of the network and enable access for individuals without a suitable, secure home computer. 

    • Configure to eliminate downloads & screenshots, keeping data off of employees’ home machines where it is more vulnerable. 

    • Encryption of all data, both at rest and in transit, makes it that much harder to read information in the case of a hack.

  • If home PC’s, laptops, mobile devices are used, check with your anti-malware vendor about adding licenses, and for mobile device management capabilities. Devices not listed in your Active Directory may still be protected, managed and monitored with existing software.   

Tested technology such as Biscom and gotomeeting are offering free trials. By clicking the links above you acknowledge you are leaving the TIFFIN CYBER website.

©2019 TIFFIN CYBER