Coronavirus – Twelve Things IT Managers Should Do Now - Updated

The outbreak of the coronavirus means thousands of employees may soon be working from home for the first time. From a cybersecurity standpoint, this presents a grand opportunity for hackers. IT managers need to act now to ensure their organizations are protected.

Here are some cybersecurity tips and reminders. We will update our guidance periodically:

  • Ensure your organization has implemented a robust remote access solution and that remote access systems are fully patched.
  • Assign each employee a work laptop they can use from home. Remember: An employee’s personal computer might not have the appropriate cybersecurity protections in place, such as the latest patches, the latest updates and software that matches up to the organization’s requirements, leaving them open to malicious hackers.
  • Require employees to sign an agreement to follow the organization’s IT security practices and policies.
  • Ensure your organization has a robust VPN infrastructure in place that has the capacity for all of your employees to connect to the organization’s network.
  • In an attempt to keep hackers away, implement tunnel mode on the VPN (not split mode) so that employees cannot access their local home network while in the work environment.
  • Ensure all machines have properly configured firewalls, intrusion-prevention systems, and anti-virus software installed, patched and updated.
  • Use multi-factor authentication for employees connecting remotely.
  • Cybersecurity teams should enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Set up an easy-to-remember email address and phone number for employees to report cybersecurity issues.
  • Deploy a plan and strategy to provide cybersecurity and technical support remotely.
  • Assess the security of the organization’s entire remote access infrastructure so that cybersecurity vulnerabilities in the underlying technology do not derail your plans.
  • Provide employees with ongoing and engaging cybersecurity awareness training so they don’t fall for phishing ruses.

 

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

log management

How A Log Management Assessment Can Prepare Your Organization for a Cyber Attack

This article delves into the significance of log analysis in a forensic readiness assessment and outlines best practices for organizations to optimize their log management strategies …
Business Impact Assessments

Importance of Business Impact Assessments

In the event of a data breach, Business Impact Assessments will help your organization prioritize recovery steps and get back to business faster …
cybersecurity incident response

How to Choose the Right Tabletop Scenario for Incident Response Testing

To effectively combat these threats, organizations must invest in robust cybersecurity incident response strategies …