NEW YORK–As the economic stresses created by the coronavirus pandemic continue, credit unions and businesses are being warned cyber-criminals will continue to seek to exploit fear of financial insecurity as part of phishing campaigns, and is offering seven ways IT teams can help protect their organizations, especially with more employees working at home.
The seven strategies offered by Beazley Breach Response (BBR) Services include:
- Use a virtual private network (VPN). “Whenever possible, have employees connect from company managed computers and devices through a VPN to the corporate network. Ensure that all traffic is tunneled through this connection. This will allow many of the protections to apply to the traffic being generated from home.”
- Require multi-factor authentication (MFA). “Turn on MFA for external access to all applications, particularly sensitive ones such as email, remote desktop protocol (RDP) and VPNs, as well as for administrative accounts.”
- Lock down RDP. “The RDP attack vector is regularly targeted by ransomware attacks. Disable RDP where not required. Apply secure configurations where RDP is enabled, including use of strong passwords (at least 16 characters in length) and MFA.”
- Secure personal devices. “Implement mobile device management (MDM) for personal devices used to access to the corporate network to manage configuration, ensure scheduled updates, and allow remote wiping of lost or stolen devices.”
- Log and monitor access. “Identify and monitor successful and failed login attempts, and restrict logins from regions where employees are unlikely to be connecting from.”
- Patch systems. ‘Allow automatic patching of the operating system and internet browsers. If possible, allow IT staff to help home users ensure their patching is up to date and provide a quality endpoint protection product for them to use. Stay on top of anti-virus software updates to detect new or emerging threats that can go unnoticed in a system if the anti-virus program is out of date.”
- Conduct security awareness training. “Train employees on how to recognize common threats and scams and how to report any suspicious security incident. Conduct phishing exercises periodically to enhance security awareness and prepare employees for responding to cyber-attacks.”