The COVID-19 pandemic is continuing to evolve rapidly; consequently, we are seeing an increase in the economic strain affecting Australian businesses.  

Businesses are preparing and responding to the growing challenges by implementing contingency plans, focused on safeguarding business operations against further commercial loss while supporting the health of all staff and vulnerable members of the community.

The trend in the volume of employees working remotely is growing, as Australian businesses are addressing the social distancing restrictions being enforced by the Government to flatten the epidemic curve.  

The need for robust security controls is increasing as security breaches and cyber threats grow, as more businesses evolve to incorporate remote multi-device access into their operations.

 

Here are a few critical cybersecurity questions you should ask:

Firewalls

Have your firewalls policies been reviewed, and software updated?

To securely control the flow of traffic throughout your business network, firewalls need to be up to date with the most recent security patches to ensure there are no vulnerabilities, and policies should be in place to ensure only specific, highly secured endpoints are exposed to the internet. For example, remote access for at-home staff should be through a Remote Desktop Gateway or VPN, and desktop computers should never be exposed directly to the internet.

 

Multi-factor authentication

Have you implemented multi-factor authentication for remote access systems and resources?

Multi-factor authentication makes it significantly harder for attackers to gain access to accounts or services. Adversaries often use stolen credentials to try and gain access to your business via email or VPN login pages, but MFA can prevent these attacks.

 

VPN

Is your VPN solution patched and protected with an MFA?

VPN connections are an effective way to provide remote access to private systems and networks; however, VPN solutions must be patched regularly. There have been several high profile attacks against VPN devices recently, with severe ramifications for business. Make sure your VPN is up to date! As discussed above, implementing multi-factor authentication also aids in preventing unauthorised access to your VPN.

 

Network Connection

How secure is your WiFi connection?

Set a strong, complex password for your WiFi access point, and don’t use the default password that came with the router. It is also essential that you change the encryption default settings to disable WPS and set the encryption to WPA2 or WPA3 if this hasn’t been done already.

 

Work Devices

Is your device software up to date?

Updates to device operating systems and applications are important as they include patches for security vulnerabilities that have been identified since the last update. It is also crucial that work devices are secured with strong passwords, locked when left unattended, and are up to date with the latest security configuration.

Physical security measures should also be in place to minimise the risk that information may be accessed or removed from the site without authorisation.

 

Security Assessments

Have you reviewed your cybersecurity measures?

It is important to regularly test and review your cybersecurity measures; this allows businesses to adapt to the rapidly evolving security threats.  Ensure that IT security staff are trained in incident response and recovery and that you have contingency plans prepared ahead of time.  This also includes ensuring that all employees are informed and educated in cybersecurity measures and prepared for the increase in phishing emails related to COVID-19.

 

Our hearts and thoughts go out to the people who have been affected by this unprecedented event and we are truly grateful to all the healthcare professionals and essential service workers for their dedication and commitment.   

If you’re looking for security solutions to ensure your staff are safeguarded from cyber threats when working remotely, we are always here for you for a chat

Author