With novel coronavirus (COVID-19) creating more demand for companies to facilitate remote work capabilities for employees, security must be carefully managed. A number of new threat trends are specifically targeting remote workers, including phishing, malware, directed attacks on home networks and more. We have compiled this list of best practices and configurations to avoid to assist your company in managing its remote workforce and maximizing security resilience as a follow-up to our article about preparing your business for remote work. In addition, please review our cybersecurity presentation for SMBs: risks, trends and best practices.
The COVID-19 pandemic is creating significant disruptions in business operations. Wherever possible, we strongly recommend that businesses put continuity plans in place to facilitate remote work and collaboration for an extended period of time. As a part of these continuity plans we recommend ensuring that remote workers are able to conduct their business securely, and that functionality is tested before going in to production.
Microsoft engineers recently presented research at the RSA security conference indicating that 99.9% of compromised accounts aren’t using multi-factor authentication (MFA). This statistic alone illustrates the enormous potential for MFA to mitigate account breaches when passwords are either guessed or exfiltrated.