Are your remote employees enforcing cyber security?
Good cybersecurity measures reduce the risks of company information being accessed by unauthorised personnel when employees are working outside the office.
Cybercriminals are taking advantage of the fact that information about the virus is mostly accessed through online portals. When a company enforces cybersecurity policies, they limit the risk of experiencing phising and other cyber attacks. These measures also enable companies to comply with the newly implemented POPI Act regulations to avoid non-compliance penalties should they experience breaches.
“In an attempt to reduce the spread of Covid-19, some companies gave their employees the leeway to work remotely. But they did so without fully implementing proper controls to help mitigate cybersecurity threats. With the new POPIA regulations in place and the rise in cybersecurity threats, companies need to implement a risk-based approach to manage their cybersecurity,” says Brandan Naicker, cybersecurity executive at LAWTrust.
Working remotely comes with its own challenges for organisations, such as employees using personal laptops to access work materials. While others might use their work machines to access personal applications, download materials from untrusted sites, or use USBs that have malware, which then creates attack vectors and additional vulnerabilities that could lead to a data breach.
“Most cybersecurity attacks are the result of technology connectivity and convergence. Companies need to take an outside-in view of the threats: the potential impact facing an organisation and understand that there is a shared responsibility in preventing data breaches. This requires cross-functional disciplines within the organisation to plan, protect and defend against these threats,” explained Naicker.
Understand the broader cyber threats
Key characteristics and attributes of cybersecurity include organisations understanding that cybersecurity is broader than just information technology and not just limited to the enterprise. Proper cybersecurity measures such as implementing advanced end-user authentication, like multifactor authentication, along with the use of biometrics for employees when logging into a company’s portal, helps prevent these threats.
These include forcing employee connections to the office network through a Virtual Private Network (VPN) that uses strong encryption or the use of application proxies to balance the load of traffic on the VPN. This would allow organisations to restrict the download of company data by requesting employees to provide their credentials to reduce cybersecurity risks that come with working remotely.
“Companies can attain cyber resilience by being aware of the organisations threat landscape and the cybersecurity risks it faces. This can be achieved through performing regular assessments of threats that could affect their business the most and building the capability to deal with current and emerging threats quickly and efficiently, by securing and monitoring their most valuable information and assets,” explained Naicker.
Naicker highlighted that to manage cybersecurity threats effectively, this requires resource flexibility and capability with the potential to challenge the accepted cybersecurity norms and how businesses perceive cybersecurity. This is particularly challenging given the extent of security skills and capacity in most organisations. Businesses should align their cybersecurity goals with business priorities, evaluate the effectiveness of their cybersecurity and Identify and protect the most valuable processes and information assets.