Cybersecurity for a Remote Workforce



  1. The Changing Workplace Environment: Cybersecurity for a Remote Workforce
     Joey Howland, Chief Information Security Officer

  2. Why This Matters
     • Financial Impact: $6 trillion in cybercrime costs by 2021
     • Customer Confidence: 3 billion PII records stolen last year
     • Employee Protection: Payroll cyber attacks hit employee wallets
     Source: Herjavec Group

  3. Why Home is Different
     • Outside the organization’s security boundary
     • Often working on shared computers
     • Increase in attempts by malicious actors during a crisis

  4. The NIST Cybersecurity Framework
     • National Institute of Standards and Technology: https://www.nist.gov/cyberframework

  5. What should you consider as an organization?

  6. Identify Areas of Access
     How are your employees working? Where are they accessing organizational data or applications?
     • Organization's network (file servers, local applications)
     • Cloud solutions (Office 365 / G Suite, CRM, finance apps, etc.)

  7. How do employees gain access?
     What controls are in place to ensure only your employees can get to your systems?
     • Virtual Private Networks (VPN)
     • Secure Remote Access Solutions
     • Citrix
     • Splashtop
     MS Remote Desktop Protocol (RDP) is not secure
     • Good remote access solution, but it must be behind another security boundary

  8. Monitor Points of Entry
     Watch all entry points
     • Intrusion Detection Systems (IDS)
     • Log file retention: analyze them!
     • Don’t forget cloud-based systems
     • Security Information and Event Management (SIEM)
     • Capture and analyze all data
     • 3rd-party monitored

  9. Enable Multifactor Authentication
     Set up MFA on all access points to organizational data or systems. Don’t rely on simple ID / password combinations.
     • Security questions are not MFA
     • E-mail should be the last MFA option
     • SMS (text messages) / phone calls: Good
     • Mobile application or key fobs: Excellent!

  10. Secure Remote Endpoints
     Are you allowing connections from unsafe devices?
     • Consider only allowing connections from organization-owned devices
     • Provide protective software: endpoint protection
     • Access control systems: basic checks before allowing a connection

  11. Protect Your Data
     Consider how data may be moved in and out of your environment
     • How can I ensure data on employee-owned devices is backed up?
     • Do I need to put limits on confidential data so it cannot be moved outside my organization?
     • How can I ensure data moving into my systems is safe?

  12. Train your employees!
     • Phishing Attacks: Personal emails often don’t have the same level of protection as enterprise email solutions.
     • Unfamiliar Websites: Reports show cyber attackers taking advantage of the COVID-19 situation to spread malware. You should never need to download something in order to view an online map.

  13. What can your employees do?

  14. Secure Their Computers
     Update your computer’s operating system
     • Check the version of Windows you have
     • Windows 7 is now end-of-life, which means no more security patches!
     • Install the latest patches
     Update your web browser
     • Go to the vendor’s website and find out how
     Install or update antivirus software
     • Good options include Webroot, Bitdefender, Norton, McAfee
     • Make certain virus signatures are up to date!

  15. Secure Their Networks
     Secure WiFi routers or firewalls
     • Update the device firmware
     • Change the default admin password
     • Disable remote management
     • Instructions are on the vendor's website
     Update Internet-connected devices
     • Google Nest, security system, toaster, etc.

  16. Back Up Your Data
     Copy local documents back into your organization’s environment. Common tools include (organization-controlled):
     • OneDrive / SharePoint
     • Google Drive
     • Citrix ShareFile
     • Box
     • Dropbox
     • VPN

  17. Communicate Suspicious Activity
     If you see a suspicious email, link, or website, share it through the proper channels.

  18. Review
     1. Secure The Computer
     2. Secure The Network
     3. Provide quality remote access solutions
     4. Enable Multifactor Authentication
     5. Back Up The Data
     6. Communicate Suspicious Activity
     7. Be Click Cautious

  19. Click cautious > click curious
     Thank you and stay safe!
     Learn more at VC3.com
     joe.howland@vc3.com