More than 6 months into the global pandemic, work from home has become the new normal and the nature of work has fundamentally changed for many businesses. In a remote work environment, it's easy for employees to become complacent about the relentless threat posed by cybercriminals. It's daunting enough to maintain a corporate culture while your employees are working from hundreds (if not thousands) of different locations and unable to directly interact, in person, with their team members and peers. Maintaining a secure culture in these times can be a formidable challenge. In the absence of timely and frequent awareness training and reinforcement by IT security teams, your employees working from home may easily fall victim to a ransomware or email phishing attack, or otherwise compromise sensitive information about themselves and/or your customers.
To help keep sensitive information secure and private while working from home, consider deploying the following solutions:
- Anti-malware protection -Malware infection isn’t just a risk to company devices. Even personal devices need to have anti-malware protection to prevent a malware infection from a shared Wi-Fi network. Employees should also be aware that simply installing the protection isn’t enough, it’s vital that they are also installing the latest threat protection updates on their PCs, Macs, and mobile devices to truly mitigate risk. Microsoft Defender Antivirus (for Windows, MacOS, and Linux) is a great option if your employees do not have current anti-malware protection. Make sure your remote teams understand that malware on ANY device in a network can compromise other networked devices - including VPN connections to corporate networks.
- Data loss prevention - Sensitivity labels can help prevent accidental sharing of sensitive documents and information, such as personal or financial data that may be subject to regulatory compliance. Use Microsoft Information Protection (MIP) to identify emails, documents, and spreadsheets containing sensitive information with custom labels created by your organization. Labels can be automatically or manually applied with specific protection actions enforced (such as encrypting content, restricting access, and preventing forwarding or printing).
- Untrusted devices – For those employees using a personal laptop/desktop PC or mobile device instead of a trusted company-issued device (hybrid Azure AD joined or marked as compliant in Intune), you can use Conditional Access (CA). You can enforce Multi-Factor Authentication (MFA), limit access in Outlook and SharePoint Online, and change session controls (such as sign-in frequency and persistent browser sessions) with CA policies. With a Microsoft Cloud App Security (MCAS) license, you can also access third-party, SaaS-based app control policies.
Unfortunately for IT managers, people are typically the weakest link in any organization's risk mitigation efforts whether on corporate-owned devices and networks or not. However in new remote working conditions, employees will be exposed to threats that on-premises security defenses would have shielded them from. Not to mention the emotional impact of employees feeling isolated and unsure of who to turn to for help or information when isolated from their peers. Many factors like these can increase risk to your organization from malicious phishing links or accidental sharing of sensitive information when employees are working outside the office. Follow the Valorem blog series to learn more about Microsoft solutions to help you create and maintain a secure culture for your organization.