As South Africa enters its first full week of lockdown and businesses transition to remote working (and we all find ourselves spending a lot more time online) – an unfortunate side effect is an increase in cyber-attacks targeted to remote workers.
In normal times, there is inconsistency in cyber security awareness across employees and departments — this will be compounded by working remotely and new risks.
At Think Tank, we work with our clients to challenge the way software is used and leveraging IT solutions to make their businesses better – but as a manager I am also conscious of how my team is prepared.
So that leads me to ask two questions: is your business cloud ready and, as IT managers, how can we keep our employees and our data safe from a cyber security perspective?
The first question is a pretty big topic and I will focus on that later this week, but the second question is pretty immediate during these unprecedented times.
Does your company have established security guidelines for remote work?
People working from home should be provided basic security advice: beware of phishing emails, avoid use of public Wi-Fi and ensure home routers are sufficiently secured.
Employees should be particularly reminded to avoid clicking links in emails from people they do not know (check sender’s email address, look for poor grammar, hover over links to see the URL) and be cautious when installing third-party apps.
Now is also a good time to either review existing policies and / or establish at least some basic guidelines to address remote access to company information systems and use by employees of personal devices for company business.
A few of those questions to be addressed should be:
- What should employees do when downloading company data to personal computers?
- Are there guidelines for work computers or devices when these are brought home?
- What type of information needs to be protected? Confidential business information? Work products? Customer, employee, personal information?
- What systems or applications do specific employees need access to and how often do updates need to be installed?
- How often should employees be backing up data?
- What, if any, authentication or password requirements need to be in place?
- How to maintain frequent communications (both to inform as well as keep your team culture)?
Is there anything else you are implementing that could be helpful? If so, please share in the comments!