By Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
The concept of cyber hygiene is a deceptively simple one: It involves a series of practices and precautions that, when repeated regularly, keep users safe and their devices working as they should be. But that’s easier said than done with distributed networks, IoT everywhere, the adoption of multi-cloud infrastructures, and a growing reliance on SaaS application usage. Add the convergence of IT and OT, and the number of aging devices that cannot be taken offline because they monitor or manage critical systems 24×7, and the risks are greater, and the table stakes are higher, than ever before.
Keeping Remote Workers Safe
One of the most critical places on which to focus cyber hygiene efforts is remote workers. The rapid growth in a mobile workforce and their reliance on personal devices and home networks is just the latest addition to the challenges that IT teams face. Unfortunately, enforcing cyber hygiene for remote workers seems to be low on the list for overworked IT teams – somewhere below keeping the business up and running and ensuring access to business applications and essential resources.
Of course, the challenge is that employees working from home are using unsecured personal devices, from laptops to smartphones to tablets, to stay connected during the workday. And these devices, attached to weaker and far more vulnerable home networks, have created the perfect platform from which cyber criminals can launch attacks on enterprise data.
Top Cyber Hygiene Tips to secure Remote Workers
- Ensure all employees receive substantial training, both when hired and periodically throughout their tenure, on how to spot and report suspicious cyber activity, maintain cyber hygiene, and on how to secure their personal devices and home networks. By educating individuals, especially remote workers, on how to maintain cyber distance, stay wary of suspicious requests, and implement basic security tools and protocols, IT team can build a baseline of defence at the most vulnerable edge of their network that can help keep critical digital resources secure. This can involve online training and workshops with experts.
- Ensure an incident response/recovery plan is in place, including a hotline through which employees can promptly report a suspected breach, even when they are working from home. This way, in the event of an attack, downtime will be minimized, and employees will already be familiar with critical next steps.
- Run background checks before designating power usersor granting privileged access to sensitive digital resources. By taking this extra step, organizations can make informed decisions that will inherently mitigate the risks associated with insider threats.