With the on-going spread of Coronavirus [Covid-19] governments are forced to take strict steps putting around 20% of the world population under lockdown. Healthy individuals are asked to stay home, avoid gatherings and unnecessary travel to limit the spread of the virus. This has led to change in the working pattern for most of the businesses asking the majority of the employees to work from home.
This business model has led to the participation of remote workers more than anticipated ever. IT Infrastructure teams are working very hard to facilitate smooth operation for the companies. It is quite possible that in this rush hour security might slip through. For any organization security is utmost important or else it becomes a perfect playground for cyber-criminals to exploit the network using Malware, Ransomware and Phishing attacks.
Best practices for security should always be followed for all kinds of businesses to stop them from becoming vulnerable to attacks. The following aspects should be taken care of:
- Zero Trust Security Design: In Zero Trust design the first aim is to identify the protect-surface. The protect surface houses the most important assets of the company- servers. Servers which host applications or hold company data. The NGFW enables micro-segmentation in your network protecting applications and users against cyber-attacks. Zero Trust can be summarised as- expect the people you trust to hurt you the most- never trust, always verify.
- Connection methods: Properly configured VPN clients on all the employee devices and properly configured SSL/Remote VPN on the firewall allows secure access to the network from remote locations. Continuous monitoring should also be in place to check the load on the firewall for any performance implications, traffic flow and scan for any threats.
- Sturdy Authentication Policies: The next step to security of your company network is implementing strong password policies and multi-factor authentication for accessing the network. Weak passwords are often easy to crack into and multi-factor authentication adds an extra layer of security to the network. Device-based authentication could also be implemented to ease the authentication process.
- Securing the devices: All the companies should have an asset management system and make sure all the devices- laptops, tablets, mobile phones handed over to the employees should be encrypted so that in a scenario where they are stolen or misplaced the data should not be accessible any third party.
- Home Wi-Fi: Most home users neglect basic security when setting up their home networks. Guidelines should be defined and communicated to all users to set up their home networks to prevent un-authorised access and attacks by hackers.
- Phishing awareness: Covid-19 outbreak gives an excellent opportunity for hackers to play with fear of individuals. With so much information available on the internet consisting of facts and myths, there is a lot of confusion among the people. Taking advantage of this fact hackers are sending an email with links and attachments aimed to provide information on novel coronavirus, but these are malware and ransomware which once downloaded can give access of your machine to the cyber-criminals. Awareness should be created among the employees to keep themselves safe against such attacks.
The above points cover some of the important guidelines which should be conveyed to all the employees from time to time to deal with this current situation and keep businesses safe from cyber-criminals.
Author – Omar Menon
Designation – Network Consultant, Trainer, Director at BlueMap