Coronavirus – Twelve Things IT Managers Should Do Now - Updated

The outbreak of the coronavirus means thousands of employees may soon be working from home for the first time. From a cybersecurity standpoint, this presents a grand opportunity for hackers. IT managers need to act now to ensure their organizations are protected.

Here are some cybersecurity tips and reminders. We will update our guidance periodically:

  • Ensure your organization has implemented a robust remote access solution and that remote access systems are fully patched.
  • Assign each employee a work laptop they can use from home. Remember: An employee’s personal computer might not have the appropriate cybersecurity protections in place, such as the latest patches, the latest updates and software that matches up to the organization’s requirements, leaving them open to malicious hackers.
  • Require employees to sign an agreement to follow the organization’s IT security practices and policies.
  • Ensure your organization has a robust VPN infrastructure in place that has the capacity for all of your employees to connect to the organization’s network.
  • In an attempt to keep hackers away, implement tunnel mode on the VPN (not split mode) so that employees cannot access their local home network while in the work environment.
  • Ensure all machines have properly configured firewalls, intrusion-prevention systems, and anti-virus software installed, patched and updated.
  • Use multi-factor authentication for employees connecting remotely.
  • Cybersecurity teams should enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Set up an easy-to-remember email address and phone number for employees to report cybersecurity issues.
  • Deploy a plan and strategy to provide cybersecurity and technical support remotely.
  • Assess the security of the organization’s entire remote access infrastructure so that cybersecurity vulnerabilities in the underlying technology do not derail your plans.
  • Provide employees with ongoing and engaging cybersecurity awareness training so they don’t fall for phishing ruses.

 

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

PCI compliance companies

Leaning on PCI Compliance Companies to Navigate the Maze of PCI Compliance

These cases demonstrate the critical role of PCI compliance companies in helping businesses not only recover from breaches but also prevent future incidents through rigorous compliance practices …
PCI QSA Companies

Selecting the Right PCI QSA Company

The right PCI QSA company should act as a trusted advisor, helping to identify vulnerabilities and suggesting improvements to secure data and comply with PCI DSS requirements …
New York Cybersecurity Regulation

Tough New Amendments to New York Cybersecurity Regulation Kick in Soon

Entities must take proactive steps to assess their compliance with the amended Cybersecurity Regulation and rapidly work to address any gaps …