With an unprecedented number of people having switched from an office to their homes as their places of work, there is a lot of unclear or even conflicting information about how to secure your company’s technology devices and data. So how exactly can you protect yourself and your colleagues from unauthorised data access? What tools should you rely on to stay digitally safe? How can you help your organisation make the switch from office workers to home workers without sacrificing your organisational data? Candid Wüest, VP of Cyber Protection Research at Acronis, offers some key steps to get you on your way.
- Establish an anti-phishing strategy. Train all employees to recognise malicious emails and websites, use email systems with integrated anti-phishing solutions, or do both. Use two-factor authentication whenever possible. Even in its simplest form, with text messages, it reduces the risk of ‘normal’ attacks succeeding by 99%, as Google research shows.
- Use unique strong passwords for different services. A password manager can help staff remember all their passwords.
- Update your systems automatically. You would not want to increase your financial debt, so don’t increase your technical debt either. Working with legacy systems will end up being more painful and more expensive for you and your organisation if you fail to maintain them properly.
- Deploy ransomware protection and anti-virus systems. Remember, even the best products may fail to detect the newest malware and ransomware, so back up your company’s data frequently and regularly. Sometimes, having a copy of the data is better than having an anti-virus system deployed, given that some of the backup systems already have anti-ransomware functionalities. While phishing is one of the most frequently occurring types of attack, ransomware is often the most expensive to recover from. Backups are the best way to avoid the hassle. Make sure that your backups are not accessible to ransomware and keep them offline or on a remote system that ransomware attacks cannot reach.
- Verify the configuration of exposed services such as Remote Desktop Protocol (RDP) or cloud storage solutions such as S3 buckets. As the name implies, these services are exposed to attackers and should therefore be protected. Unfortunately, the configuration settings are often weak, making it easy for attackers to compromise these services. In addition, monitoring should be enabled to gain visibility into any new issues.
These measures combined are a solid bulwark against unauthorised data access. If data loss occurs nonetheless, employees should be aware that they must report the incident as soon as possible.
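For the exposed-services item in the list above, here is a sketch of what verifying an S3 bucket's configuration and monitoring can look like. It is an added example, not from the article or from Acronis. It assumes the bucket's settings have already been fetched and merged into one dictionary (a hypothetical shape that reuses the field names of the AWS S3 API responses), and the two sample buckets are constructed.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 ACL group meaning "anyone"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit_bucket(cfg):
    """Return sorted findings for one bucket's merged settings (hypothetical shape)."""
    findings = []
    pab = cfg.get("PublicAccessBlockConfiguration", {})
    findings += [f"public-access-block: {f} is off" for f in PAB_FLAGS if not pab.get(f)]
    statements = json.loads(cfg.get("Policy") or "{}").get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        # Simplification: statements carrying a Condition are left for manual review.
        if (st.get("Effect") == "Allow" and not st.get("Condition")
                and is_public_principal(st.get("Principal"))):
            findings.append(f"policy: statement {st.get('Sid', '?')} allows anyone")
    for grant in cfg.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") == ALL_USERS:
            findings.append(f"acl: {grant.get('Permission')} granted to AllUsers")
    if "LoggingEnabled" not in cfg:
        findings.append("monitoring: server access logging is off")
    return sorted(findings)

def _policy(sid, principal):  # builds a constructed one-statement bucket policy
    return json.dumps({"Statement": [{"Sid": sid, "Effect": "Allow", "Principal": principal,
                                      "Action": "s3:GetObject",
                                      "Resource": "arn:aws:s3:::example-bucket/*"}]})

# Constructed sample settings; bucket names and the account id are placeholders.
WEAK = {  # only two of the four public-access-block flags set, public policy and ACL
    "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS[:2], True),
    "Policy": _policy("PublicRead", "*"),
    "Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
}
HARDENED = {
    "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True),
    "Policy": _policy("BackupRole", {"AWS": "arn:aws:iam::111122223333:role/example-backup"}),
    "LoggingEnabled": {"TargetBucket": "example-logs", "TargetPrefix": "s3/"},
}

if __name__ == "__main__":
    print(audit_bucket(WEAK), audit_bucket(HARDENED))
```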