Employees working from home intensifies cyber risk
Los Angeles, Calif. – April 15, 2020
Your CFO is working from home now. That’s just one of how many remote privileged users with keys to your kingdom outside of the corporate office. If that doesn’t raise a red flag in your head, then it should…
We all know that inadvertent action leads to data breaches – it’s just a fact. Call it unintentional insider risk. Call it human error. Call it anything you want. But you had better protect your organization against it, now!
Who and what am I talking about? Your employees, the senior executives and others with access to your most critical applications and data, who have good intent but are negligent due to a completely new workplace – namely their homes.
You may not realize it, but you’ve got some potentially distracted and stressed out administrative users logging in to your HR, payroll, CRM, ERP, and other systems right now. They may be tapping away at the kitchen table, kids home from school, TV on in the background, not exactly the business atmosphere they’re used to. On top of that, they’re worried about personal finances, job security, and all the rest that goes with living through the Coronavirus pandemic.
IT and security teams need to think differently. This mindset around distracted privileged users is the new normal, at least for now, while you have a remote workforce.
Starting now – your business should take any necessary steps to secure systems that enable remote access, such as:
- Ensuring Virtual Private Network (VPNs) and other remote access systems are fully patched
- Enhancing system monitoring to receive early detection and alerts on abnormal activity
- Implementing multi-factor authentication (MFA)
- Ensuring all machines have properly configured firewalls, as well as anti-malware and intrusion prevention software installed.
These are just the basics. There is an important takeaway here. The insider threat is rising sharply amidst the new COVID-19 workplace. Do not let that fact be lost on you.
My firm, Herjavec Group, has published a cyber checklist for remote work scenarios. It’s free, and you can download it for offline use. This detailed checklist for CISOs, and CIOs will help ensure the preparedness of your teams for remote work. And it addresses the security of remote privileged users.
You may want to set aside time for a conversation about the insider threat at your next board meeting (which in all likelihood will be virtual.) Your C-suite executives, with privileged access, are targeted even more so than most employees in your organization and should be reminded to be cyber-aware.
Be safe. And keep your digital infrastructure safe.
To Your Success,
Originally posted on Cybercrime Magazine.