Coronavirus – Twelve Things IT Managers Should Do Now - Updated

The outbreak of the coronavirus means thousands of employees may soon be working from home for the first time. From a cybersecurity standpoint, this presents a grand opportunity for hackers. IT managers need to act now to ensure their organizations are protected.

Here are some cybersecurity tips and reminders. We will update our guidance periodically:

  • Ensure your organization has implemented a robust remote access solution and that remote access systems are fully patched.
  • Assign each employee a work laptop they can use from home. Remember: An employee’s personal computer might not have the appropriate cybersecurity protections in place, such as the latest patches, the latest updates and software that matches up to the organization’s requirements, leaving them open to malicious hackers.
  • Require employees to sign an agreement to follow the organization’s IT security practices and policies.
  • Ensure your organization has a robust VPN infrastructure in place that has the capacity for all of your employees to connect to the organization’s network.
  • In an attempt to keep hackers away, implement tunnel mode on the VPN (not split mode) so that employees cannot access their local home network while in the work environment.
  • Ensure all machines have properly configured firewalls, intrusion-prevention systems, and anti-virus software installed, patched and updated.
  • Use multi-factor authentication for employees connecting remotely.
  • Cybersecurity teams should enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Set up an easy-to-remember email address and phone number for employees to report cybersecurity issues.
  • Deploy a plan and strategy to provide cybersecurity and technical support remotely.
  • Assess the security of the organization’s entire remote access infrastructure so that cybersecurity vulnerabilities in the underlying technology do not derail your plans.
  • Provide employees with ongoing and engaging cybersecurity awareness training so they don’t fall for phishing ruses.

 

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

payment card industry

What are the 12 Requirements of PCI DSS Compliance?

PCI Compliance requirements are created by the PCI Standards Council in order to secure and protect the entirety of the payment card ecosystem …
hiring pci compliance services

7 Tips for Hiring PCI Compliance Services for Your Business

Read here for 7 practical tips for hiring PCI compliance services for your business …
pci compliance test

Why Do I Need a PCI Compliance Test?

PCI Compliance tests are a critical step in protecting against cyber threats. We outline the importance of PCI Compliance tests …