How to Write a Cybersecurity Playbook During a Pandemic

Cybersecurity Playbook

Hands working on laptopNo one could have foreseen the COVID-19 pandemic. While most disaster recovery plans cover earthquakes, hurricanes, and other natural disasters, the one thing many businesses failed to address was a global pandemic.

This left some organizations scrambling in terms of putting together a secure remote work game plan. With so many employees now telecommuting to work, cybersecurity protocols have emerged as one of the most important aspects of your company’s digital presence.

 

3 Things to Consider When Writing a Cybersecurity Playbook

Within an office, you can largely monitor network traffic, employee behaviors, physical security, and other metrics that give you a pulse on employee behavior.

Outside of the office, employees may feel lax in terms of the cybersecurity policies you have on the books. To combat this, consider these 3 practices as the cornerstone of your remote work plan.

 

Frequently Retrain Your Associates

Simply asking your employees to grab a laptop and work from home just doesn’t cut it. Associates must understand the risks of working outside the office.

This includes guarding their passwords, ensuring they have a secluded office within their homes, and adhering to the same infosec policies as if they were inside the office.

Since many employees could be working in their pajamas, it is important to emphasize the importance of your information security policies. It might seem like overkill but stakeholders should strongly consider requiring quarterly training for remote associates.

 

Will Your Employees Take the Bait?

White hat information security professionals will often use the practice of “Phishing” to see if any employees are susceptible to email scams.

If users are able to fall for scams created by the good guys, they’re definitely vulnerable to fall for scams created by the bad guys. This provides stakeholders with the ability to rapidly identify the weak links on your team and subsequently take appropriate action.

 

Implement Multi-Factor Authentication (MFA)

A simple password isn’t enough to protect your business against malicious hackers. It’s an information security best practice to enable a multifactor authentication scheme for your employees to remotely connect to your internal network.

This could be as simple as sending a code to their smartphone via SMS that they would need to input each time they log in to the VPN. By enabling MFA on your network, you can protect your data from malicious parties who have discovered the password of an unsuspecting employee.

 

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email