Coronavirus – Twelve Things IT Managers Should Do Now - Updated

The outbreak of the coronavirus means thousands of employees may soon be working from home for the first time. From a cybersecurity standpoint, this presents a grand opportunity for hackers. IT managers need to act now to ensure their organizations are protected.

Here are some cybersecurity tips and reminders. We will update our guidance periodically:

  • Ensure your organization has implemented a robust remote access solution and that remote access systems are fully patched.
  • Assign each employee a work laptop they can use from home. Remember: An employee’s personal computer might not have the appropriate cybersecurity protections in place, such as the latest patches, the latest updates and software that matches up to the organization’s requirements, leaving them open to malicious hackers.
  • Require employees to sign an agreement to follow the organization’s IT security practices and policies.
  • Ensure your organization has a robust VPN infrastructure in place that has the capacity for all of your employees to connect to the organization’s network.
  • In an attempt to keep hackers away, implement tunnel mode on the VPN (not split mode) so that employees cannot access their local home network while in the work environment.
  • Ensure all machines have properly configured firewalls, intrusion-prevention systems, and anti-virus software installed, patched and updated.
  • Use multi-factor authentication for employees connecting remotely.
  • Cybersecurity teams should enhance system monitoring to receive early detection and alerts on abnormal activity.
  • Set up an easy-to-remember email address and phone number for employees to report cybersecurity issues.
  • Deploy a plan and strategy to provide cybersecurity and technical support remotely.
  • Assess the security of the organization’s entire remote access infrastructure so that cybersecurity vulnerabilities in the underlying technology do not derail your plans.
  • Provide employees with ongoing and engaging cybersecurity awareness training so they don’t fall for phishing ruses.

 

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

Boost Business Value

From Compliance to Advantage: Using PCI 4.0 Certification to Boost Business Value

In this comprehensive guide, we explain in simple terms every aspect of complying with the NIST Cybersecurity Framework 2.0 …
financial institutions

5 Major Cybersecurity Risks Banks and Financial Organizations Face

In this article, we outline some of the most common cybersecurity attacks that banks and financial institutions can be vulnerable to …
How Merchants Can Become PCI-DSS Certified

Follow These 4 Steps to Achieve PCI DSS Certification

For all organizations that process payment cards, the Payment Card Industry Data Security Standard (PCI-DSS) certification is high up the data security and compliance priority list …