Best Practices for Organizations with Employees Working from Home
Amidst the increasing spread of coronavirus, many organizations have taken precautionary measures and are recommending that employees work from home. While remote work helps secure employees’ health, it presents a higher risk of cyber attacks for companies from attackers who see this as an opportunity.
Every At-Bay policy includes coverage for a remote workforce, whose work is guided and engaged by the Insured Organization. This means coverage extends to remote workers and remote computer systems, such as an employee using personal devices or other devices for business purposes. However, in an effort to help bolster your security, our Security Services team has identified tips for companies experiencing an increased number of remote workers:
- Enable multi-factor authentication (MFA) for all remote access users, including users of your organization’s webmail. Confirm that you are using the most updated version of your remote-access solution.
- Make sure that your network can handle the increase in traffic from additional users. Reach out to your IT provider if your remote network will see increased use.
- Refrain from quick-fix, but highly vulnerable remote solutions such as Remote Desktop Protocol (RDP). The presence of externally facing RDP on your network is routinely scanned by attackers looking for easy ransomware targets.
- Carefully review and monitor all wire transfer requests. Enforce dual-authorization, callback procedures, and confirmation of transfer requests over the phone as members of the finance department may be more susceptible to email attacks impersonating senior staff when they cannot confirm these transfers in person.
During this time, our Security Services team continues to closely monitor all client networks, with extra focus on vulnerable systems and technology configurations that involve remote network access.
If you have questions regarding your coverage, please contact your local underwriter or email@example.com. If you have questions regarding security practices in regard to a remote workforce, please contact our security team at firstname.lastname@example.org.