What Does the ‘New Normal’ Mean for Your Cybersecurity Posture?

Published on May 4, 2020  |  Cyberfort Advisors

What is your current cybersecurity posture? In other words, how is your organization currently defended against cyber attacks?

Cybersecurity is an important topic for organizations at any time, but with the recent COVID-19 pandemic combined with the work from home (WFH) movement, organizations are experiencing additional requirements and changes to accommodate for this “new normal.”

To take these increasing cybersecurity needs a step further, we must acknowledge that the new normal we’re experiencing will continue to change and transition as the novel coronavirus crisis ends. This new normal is likely not temporary, but instead, the beginning of an accelerated, ever-changing new normal. The cybersecurity needs we face today will continue to evolve even as many of us return to our offices because how we view work will not be the same

To move forward during and after this crisis, we must focus on improving our cybersecurity posture by going through the following actions:  

What needs to be tested

With hackers regularly exploiting vulnerabilities in VPNs, IT teams need to test the security of VPNs and other remote access solutions. Likely, they will need to continually patch these systems to ensure they are protected against bad actors. 

When the IT team tests the security of the remote access solutions, they need to ensure they are sized appropriately to support the remote workforce. In doing so, they may need to work with the company’s Internet Service Provider to increase the bandwidth. 

What needs to be reviewed

Since your organization is likely experiencing the WFH environment for the first time, it’s a great time to update your disaster recovery plan to ensure business continuity. During this process, be sure to review internal and external change factors, back up your data, review recent incidents, and update employees on any changes.

It is also important to review your company’s devices. Are they being used remotely? Are they unused at the office? Are they being used in conjunction with your employee’s personal devices? Are your employees using personal devices instead of company devices? 

Looking deeper at how your employees use devices to WFH, what connections are they using? Are any connections or options enabled that should be disabled to increase security?

While answering these questions is time-consuming for your enterprise’s IT team, they are important to answer in order to prevent potential vulnerabilities. 

Employee uses multi-factor authentication while working from home.

What needs to be implemented

Many employees are resistant to maintaining strong passwords, whether they are working in an office building or from home. Unless your organization’s system requires passwords to include a specific amount of capital letters, numbers, and symbols, as well as prompting users to update them frequently, your company is at risk for a breach. 

To mitigate this risk, your IT team can implement multi-factor authentication. This is especially beneficial for employees who are using their own devices to WFH, as shown in the above image.  

With a distributed workforce, it’s important that your cybersecurity team develops a process to conduct security patch activities, coordinate remote access with users, and implement workarounds for issues that arise in a quick, effective manner. This requires open and consistent communication between your cybersecurity team and your employees. 

One critical software installation for remote workers is endpoint protection software. IT teams should ensure that employees have endpoint software solutions, such as antivirus, installed on their company devices, as well as personal devices used for work. The IT team may need to help users install the software, especially if they have been working from home without this vital protection.  

What needs to be shared with employees

Email phishing has increased during the COVID-19 crisis, so it’s important to inform employees to be wary of opening emails and clicking links within emails. It’s also important to educate them on how to alert your IT team to potential threats and questionable emails and links. By making this communication process easy, your team will be more likely to alert the IT department of more potential threats rather than disregarding the possibility.

Throughout the process of updating your cybersecurity policies, it’s vital that you update your written policies and send updates to all employees. It’s also a good practice to consistently remind employees about these policies. After all, your employees are a primary line of defense against potential threats. 

Does your organization need help creating or updating your security program strategy? We can help you stay one step ahead of today’s cyber threats.

LEARN MORE > 

CyberFort Services

We offer a complete suite of consulting services to help you create an effective strategy that resolves threat, security and regulatory compliance risks efficiently.

LEARN MORE >

Industries Served

Our team of industry recognized subject matter experts work to offer the right security solutions for your specific needs, preventing threats and vulnerabilities from compromising your business.

LEARN MORE >

Ready to secure your business against cybercrime?

Establish a complete cybersecurity program for your business with smart strategies, solutions and support by CyberFort.

Your Guide To A Successful Cybersecurity Overhaul by CyberFort Advisors

Your Guide To A Successful Cybersecurity Overhaul

Many companies implement new cybersecurity policies and procedures, but they ignore one critical fact: When it comes to your cybersecurity posture, your end-users are your weakest link.

Without getting employees and other end-users on board, your company data is at risk.

With your end-users on board, how do you deploy new cybersecurity policies? There are many pitfalls companies commonly fall for during this process. With the right preparation and guide, you can overhaul and deploy a successful cybersecurity initiative.

This short but comprehensive guide will show you how to:

  • Overhaul your cybersecurity program
  • Get your employees and other end-users on board
  • Avoid common pitfalls that cause cybersecurity initiatives to fail

To download the guide, please provide us with your name and email address:

Thank you for your submission! You will receive an email with a download link.