Coronavirus – Twelve Things IT Managers Should Do Now - Updated

The outbreak of the coronavirus means thousands of employees may soon be working from home for the first time. From a cybersecurity standpoint, this presents a grand opportunity for hackers. IT managers need to act now to ensure their organizations are protected.

Here are some cybersecurity tips and reminders. We will update our guidance periodically:

  • Ensure your organization has implemented a robust remote access solution and that remote access systems are fully patched.
  • Assign each employee a work laptop they can use from home. Remember: An employee’s personal computer might not have the appropriate cybersecurity protections in place, such as the latest patches, the latest updates and software that matches up to the organization’s requirements, leaving them open to malicious hackers.
  • Require employees to sign an agreement to follow the organization’s IT security practices and policies.
  • Ensure your organization has a robust VPN infrastructure in place that has the capacity for all of your employees to connect to the organization’s network.
  • In an attempt to keep hackers away, implement tunnel mode on the VPN (not split mode) so that employees cannot access their local home network while in the work environment.
  • Ensure all machines have properly configured firewalls, intrusion-prevention systems, and anti-virus software installed, patched and updated.
  • Use multi-factor authentication for employees connecting remotely.
  • Cybersecurity teams should enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Set up an easy-to-remember email address and phone number for employees to report cybersecurity issues.
  • Deploy a plan and strategy to provide cybersecurity and technical support remotely.
  • Assess the security of the organization’s entire remote access infrastructure so that cybersecurity vulnerabilities in the underlying technology do not derail your plans.
  • Provide employees with ongoing and engaging cybersecurity awareness training so they don’t fall for phishing ruses.

 

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

penetration testing red flags

Red Flags to Be Aware of in Penetration Testing Companies

It is important to do your research when selecting a penetration testing company. Here are a few red flags to be aware of when choosing penetration testing companies …
pci compliance test

How To Test for PCI Compliance

PCI Compliance tests are a critical step in protecting your organization against cyber threats. We outline the importance of PCI Compliance tests here …
Cybersecurity Penetration Testing

5 Types of Cybersecurity Penetration Testing

If you are looking for ways to improve your company’s cybersecurity, this guide can help. Here are five types of cybersecurity penetration testing …