Maintaining Your Company Compliant And Secure During The Delay Period

By- Alok Chand
The UK is in COVID-19’s delay phase with schools closed and where possible workers asked to work in the home. How can businesses stay cyber and data compliant protected with staff working remotely, some for the first time? Firstly, the rate of the dangers that working poses via safety audit and a fast risk, which is done whether employees are already working from home or not. Look at potential insecurities in the system that can arise through remote access. For example, employees working in isolation for a length of time leaves them vulnerable to phishing and social engineering attacks.

Speed and identify these risks on your most important assets and agree that the best approach to deal with them. As distinct areas of the company will have unique perspectives Obtaining stakeholders from all areas of the company involved in such conversations is key. After that, start implementing security steps beginning with information protection. Legal and regulatory data security and compliance worldwide is much more stringent than ever, and the mishandling of this can result in severe consequences on finances and reputation – that the ICO’s intention to nice British Airways #183.39m and Marriott #99.2m past year demonstrates this.

Whether working not or remotely, data needs protecting accordingly and also the fact that the company is forced to set up remotely as a result of COVID-19 won’t be an excuse. Have a working policy that is clearly communicated to all staff, outlining when connecting in and obtaining corporate data remotely. These approved methods for communicating, working and sharing information helps prevent data loss that was accidental and unintentional. What’s more, data isn’t being kept longer than necessary or used in ways it was not intended under these remote practices.

Awareness and education can also be crucial. It’s very simple for even the employee to email documents to personal accounts or saves them to cloud services that are private. Protecting mobile devices like laptops with powerful disk encryption also has to be a priority control, as more devices are taken from the workplace. Data protection laws, such as GDPR, call out encryption to become one. However, data is shared with multiple individuals geographically dispersed. Use technology to classify sensitive information and construct the protection to the files. So, even if a record gets in the wrong hands, centralized control over who can open that document remains.

As machine learning technology evolves, it is even easier to classify massive libraries of information, by training the search motor in what to search for and assisting staff when employing data classification tags — the end result is data is protected at its source because of its entire lifecycle. Before attackers discover what technology an organization uses with tools that are adversarial analyzing the resilience and with so much information online it is not long. It’s amazing to see from a fast demonstration using open-source intelligence tools (OSINT), how much info can be scraped online from a business’ environment. Within five minutes it’s possible to identify at least three login ports, as well as collect information from social websites to build staff email username and address lists.

So, single, password-based authentication is no longer protected.A powerful second form of authentication is needed to keep cybercriminals outside — it may be something you connected to you, or have on your cell phone app enjoy a generating, such as your own fingerprint. Authentication can be enabled so that it doesn’t endanger the user experience such as only prompting you to your next means of authentication once the threat exceeds a certain threshold. Many malicious COVID-19 campaigns are circulating such as the coronavirus map application which installs the AZORult malware to steal web browser data and your credentials, including payment card numbers. Many are impersonating health officials using phishing emails, text/SMS, and networking posts geared toward spreading malware such as ransomware. To protect against these dangers, defenses must expand.

But traditional anti-malware solutions are currently struggling to cope. Endpoint security tools can help by providing visibility into all occasions at each endpoint in the network of the company so threats can be isolated and contained wherever they are located. All these are unprecedented times with companies trying to adapt fast to conditions. It is important for businesses to carry out their due diligence so we don’t let cybercriminals make the most of workers and implement effective cybersecurity steps when working from home.

