Friday, March 19, 2021 / 07:30 AM / by Jason Ikegwu QSA, Associate Partner, Phillips Consulting / Header Image Credit: EcoGraphics

accelerated remote working adoption globally, requiring the workforce to operate from virtual environments and diverse locations. Today, global business is done online, including supply orders and cash transfers as an emerging mode of trade. This leaves companies vulnerable to cybercrime and potential losses. Top management must pay special attention to this millennial threat and prioritise cybersecurity for their companies, notwithstanding their knowledge of cybersecurity matters. The COVID-19 pandemic has created enormous and swift changes; therefore, companies cannot ignore the cyber challenges associated with a largely or entirely remote workforce.

Below are some recommended steps and interventions to protect organisations from malicious

and Risk Management
- Conduct a comprehensive risk assessment and business impact assessment for critical functions and processes in the organisation.
- Update and communicate acceptable use policies for employees and address the use of home
- Define data classification categories and data privacy requirements for the organisation.
- functions requiring secure IT environments that remote working may not provide, and develop ways of performing them.
- Anticipate how the entities your business depends on, e.g. cloud, network infrastructure providers, and others may be affected by COVID-19 disruptions, and develop continuity and resiliency options.
- Refresh and update cyber incident response, continuity plans, and disaster recovery plans to address current operational needs.
- communicate cybersecurity awareness messages to employees to reinforce security
- Provide secure access solutions with sufficient capacity for the increased number of remote
- Offer security protection on endpoints.
- software updates to remote workers.
- Reassess rules such as geo-blocking that could prevent remote access.
- Increase IT help desk capacity and hours of operation to handle the increase in services required by remote workers.
- Ensure that cybersecurity alerts and audit logs of critical systems, for example, VPNs, firewalls, endpoint security tools, and critical business applications are centrally collected and analysed to detect and respond to suspicious/malicious
- VPN profiles and firewall rules to ensure employees are assigned appropriate privileges based on their roles.
- procedures requiring approval from data/system owners for provisioning and de-provisioning of remote VPN and other accounts related to critical business
- multi-factor authentication for VPN and critical information systems.
- Disable split tunnelling for VPN profiles to ensure that remote employees cannot access the internet directly from their laptops while using VPNs to access corporate
- Create a shared channel - for example, #phishing-attacks - or email address where employees can report suspicious emails.

Education and Awareness
- tailored cybersecurity awareness messaging for remote workers and deliver it online to all employees. Include topics such as social engineering, password constructs, email security, etc.
- Detecting and avoiding elevated phishing threats, including COVID-19 scams and fraudulent
- Ensure secure use of Wi-Fi, both at home and in public.
- Not using company computers for personal email, file sharing sites, or social media
- Saving and securing needed printouts of work files or emails and shredding others.
- Avoid copying work files or information to personal devices, including home network drives and personal online storage.
- Muting or shutting down in-home digital assistants that may continuously record nearby
- Not permitting family members or others to use company-provided equipment, including laptops
- default home Wi-Fi router passwords and performing other home security checks.
- screen locks are enabled to ensure workstations are secured when not in use.
- Never leave laptops and mobile devices unattended in public spaces or unlocked at home.
- company-approved cloud services or data centre storage instead of local storage, particularly for sensitive information such as personally identifiable information, protected health information, financial data, and trade secrets.
- Avoid the use of USB sticks and other removable storage.

recommendations above can help organisations work more securely and efficiently through these challenging times.

At pcl., we support organisations to develop and implement cybersecurity governance and risk measures, systems and networks, cyber operations and cybersecurity awareness for remote working and sustainable operations.

Checklists for Remote Working first appeared in Phillips Consulting Blog on June 21, 2020.