Date: 1 April 2020
With little time for cybersecurity training, how can businesses ensure their employees work securely from home?
David Cass, Vice President for Cyber and IT Risk at Federal Reserve Bank of New York, recently spoke with Amar Singh, Founder and CEO of Cyber Management Alliance.
Download the Remote Working Cybersecurity Checklist.
The two cybersecurity experts talked about their opinions and insights about remote working and the key aspects of cybersecurity that organisations and staff members should focus on while working from home – a phenomenon that has taken on global proportions in the light of the COVID-19 situation.
David Cass, Vice President for Cyber and IT Risk at Federal Reserve Bank of New York
They also delved into the recently-released ‘Remote Working Cybersecurity Checklist’ created by Cyber Management Alliance with contributions from members of the global security community.
As this is an opportune time for attackers and for phishing attacks, it is imperative that employees are sensitized to the cyber threats they face while working from home and are given a basic sense of cyber incident response and management. David Cass explained how a lot of threat actors are distributing malware in the guise of COVID maps or other malicious links, which people do get tempted to click on without verifying if these emails and links are from a trusted source or not.
Everyone is dealing with challenges while working at home and many of these are emotional or psychological challenges which makes people quite susceptible to social engineering attacks. Organisations must be cognizant of this trend and take steps to ensure their business and their staff is safe.
Since most employees were sent to work from home in a rush, they weren’t given adequate training for cyber safety so cybersecurity checklists such as those released by Cyber Management Alliance can be a great starting point to alert staff members about the things they must be careful of.
David also recommended that organisations which have a good work-from-home policy should implement the requirements of the policy with agility, especially the use of corporate VPN.
Amar and David Cass also brought up different threat vectors that people who haven’t worked from home ever may not be aware of. Again, it’s the onus of the business management to highlight those and encourage people to look at their privacy more closely and check if their smart home devices or video cameras are turned off at appropriate times, especially when they’re discussing sensitive professional information.
There is a tonne of other vital information in CM-Alliance’s cybersecurity checklist that David and Amar discussed and highlighted, especially to help small and medium businesses ensure that their staff can work more securely from home. Things like helping them understand the importance of using strong passwords, changing their passwords regularly and storing them securely etc. are basics that need attention.
Download Cyber Management Alliance’s hugely popular Remote Working Cybersecurity Checklist here and distribute it amongst your employees to help them work securely.
You can also download NIST's technical Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security
David Cass made it a point to state that the opinions in the video are his personal opinions and that they DO NOT represent his employer’s views.
If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here.
