This is a great time to reassess how well you’re protected.
This was adapted with permission from the Think|Stack blog.
For those of you who run a business or read the news, you know that cyber crime is on the rise. Most businesses find it hard to track just how vulnerable and unprepared they are at the best of times and have scrambled to set up and secure a remote workforce in these crazy times of COVID-19.
In this video, Think|Stack CTO Zachary Hill describes why it’s critical for businesses to review their network security right now.
“A lot of people have been caught off guard by the current pandemic crisis. They have had to rapidly create policy for remote work and onboard technology for remote work. Unfortunately, it has resulted in some overworked IT folks and engineers who’ve had to implement new technology as fast as they could to make sure businesses can operate and work remotely. What this ultimately means is that sometimes working so quickly results in mistakes or inhibits companies from putting enough planning or effort into the security of the efficiency of that implementation.”
We recommend a security check for any type of business, especially those that relatively recently adopted remote work programs. A security check typically takes no more than three hours and will help you spot any gaps in your setup.
Here is a high-level overview of four key steps to take when doing a security check:
- The first thing to do when conducting a security review is to look from the outside in. Give your external footprint a hard look, things like your firewalls, or your edge security and network traffic.
- Next, get a close look at how your users are signing in and utilizing the network.
- Finally, use tools like Qualys and RapidFire can be used to perform scans that can show gaps or vulnerabilities on your network, and could be more susceptible because so many people are working remotely.
- Review the report produced from the scans. The information will include an outline of the problems and possible solutions, plus short- and long-term remediation project plans.
Here’s another checklist you can use. Answer each question either "yes" or "no."
- Have we done an outside-in review of our current security?
- Do we have multi-factor authentication in place?
- Are all our devices secure, including those being used by staff members working remotely?
- Do we have endpoint security of device management systems in place?
- Are we doing audits to make sure the systems we have in place are catching everything and being deployed correctly?
- Are we enacting policies surrounding zero trust networks (not trusting any device or user until they have proven themselves to be trustworthy)? Are encryptions on? Are we making sure virus scans get run often? Are users within a geographic location that we approve of?