Page 33 - Cyber Defense eMagazine for July 2020
P. 33

What can you do to protect your workforce and business from being compromised? We have compiled
            a list of some of the most effective measures to be undertaken to protect your organization.

            Make Sure Your Security Policy Is Valid

            The  COVID-19  outbreak  has  highlighted  that  most  organizations’  cybersecurity  policies,  especially
            policies  regarding  mobile  computing  and  teleworking,  may  be  inadequate.  Businesses  have  been
            scrambling to change the guidelines to adapt to the pandemic. Very few organizations would have had a
            business continuity strategy that solved all the issues brought about by the seismic shift to home working.

            Specific policies to update may revolve around the physical protection of company IT equipment, making
            sure children or relatives do not use company assets, which can help to keep assets in good working
            condition. If additional technology is needed by the employee, such as extra monitors, keyboards, or
            printers, a formal process should exist to track where company assets are located. Perhaps logging a
            service desk ticket for management teams to approve the removal of company technology. This process
            greatly improves how assets can be tracked.

            Other control measures can be introduced or updated to define the organization's rules and regulations
            on the usage of laptops, computers, handheld tablets, mobile phones, and digital media, including disks
            and memory sticks.

            Keep Data Protection Relevant

            Maintaining data protection is critically important for organizations, even more so when employees are
            working from home. Organizations are duty-bound by government regulations to uphold data protection.
            The regulations still apply no matter where the employees are working, be that an office-based role, or
            when working from home.

            All laptops should have some form of data encryption software installed, such as Microsoft BitLocker.
            This software protects the data stored on the employee’s physical device. In the event a company device
            is lost or stolen, the data is secured and encrypted. Domain policies can force remote terminals to lock
            the screen after a few minutes of inactivity during the lockdown period.

            All portable equipment should have a machine or boot-up password, and a domain user account that
            should be required when powered up. This may be a BIOS protected screen lock, or it might just be the
            Windows Logon utility. Either way, the device must not boot straight into the operating system without
            prompting for credentials. This will stop unauthorized access to the data stored on the equipment.

            Secure Physical Assets

            High valued assets must already have the standard security features such as usernames, passwords,
            and PINs. Extreme care should be taken with mobile computing being used outside of the organization’s

            Cyber Defense eMagazine –July 2020 Edition                                                                                                                                                                                                                         33
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.
   28   29   30   31   32   33   34   35   36   37   38