Coverletter for the February 2021 Newsletter
These are not normal times. Implementing proper IT Governance is essential. All companies must tighten up their cyber-security protocols for their remote workforce.
In the past, the conventional wisdom on cyber-security was to play defence and respond quickly to breaches. The new policy is to be proactive, conduct scenario planning exercises and ensure patches and pen-testing. Current cyber-environment calls for a proactive approach from all stakeholders of the organisation.
Unfortunately, many organisations have to pay ‘ethical hackers’ to investigate computer and network vulnerabilities. Some even pay for a monthly report to identify if sensitive information, passwords or personal information is bought or sold on the “dark Web.”
Let us revisit some tips we provide in our workshops, seminars and online classroom events:
- Do not reuse passwords and make them complex
- Use multi-factor identification wherever possible
- Install reputable anti-virus software with real-time protection
- Keep all operating system software patched and up-to-date
- Enforce employee training and discipline
Reinforce work-from-home standards. The above tips are standard; however, they are still the cause of a majority of cyber breaches. Those companies that have had significant data or cyber breach take additional steps after the fact:
- All employees sign a remote worker agreement, which requires workers to acknowledge the company’s cyber-security protocols and check-in several times a day
- Move the entire workforce to a virtual desktop system, so that once the employee is logged into the company’s virtual desktop, nothing they input on their remote access point is saved on the remote device.
- Install endpoint monitoring software that monitors every endpoint—every laptop, every server, connected to the internet and the IT platform—to watch out for potential attacks.
- Ask challenging questions of every third-party supplier for continued security and compliance.
- Limit third-party access to only those portions of your network and database that they need
- Only use reliable and trusted third parties that have answered challenging questions about their virtual work environment
- See the limits of their insurance coverage
All of the above may seem a lot to some; however, it is only a fraction of the effort and cost if there was a significant cyber incident. Call us or participate in one of our events to learn more:
- Find the right approach to clarify and streamline compliance obligations, and focus risk management on the critical, urgent risks.
- Protect from cyber-attacks by properly training all employees and help them understand the risk.