Your security checklist to help protect your employees working from home
Get a security checklist to protect your employees working from home. Intelligent security can help you identify, pre-empt, mitigate, and stop internal and external attacks. The third post in the Keep your business running securely blog series explains the threats Canadian organizations face and the concept of layered security, then suggests some solutions and practices you can embrace to help modernize your security.
Cyberthreats represent a clear and present threat to Canadian organizations of all sizes, in both the private and public sectors.
Security risks on the rise
Unfortunately, cybercriminals prey on fear and uncertainty. During times like these, hackers run scams and commit fraud, including but not limited to email attacks, fake websites, and text scams. Remember, hackers don’t discriminate or care who they attack.
Criminals search for organizations relying on outdated or unsecure IT to work remotely. Make sure you take steps to protect yourself!
If anything, unsuspecting small businesses represent an ideal target for cybercriminals. They count on these businesses to skimp or to implement sporadic and inconsistent cybersecurity measures. And yes, during a crisis, those same criminals capitalize on fear and uncertainty to target employees, especially those unaccustomed to working remotely.
In its national survey, the Office of the Privacy Commissioner found 92 percent of Canadians expressed some level of concern about the protection of their privacy!
Protecting your privacy—and that of your customers and vendors—is another important reason to improve your security. Canadians, as customers, clients, and citizens, expect the organizations they rely on—big and small—to go out of their way to protect any data they provide and their communication, including emails and video conference calls.
When employees rely on different devices and apps to share files, send emails, or do video calls, your company’s risk of a security and privacy breach climbs exponentially.
The most secure strategy
Adopt a layered security approach. Think of each security technology or practice as a layer of armour. The more layers you add, the fewer potential breaches and the lower the damage should a hacker breach your cyber defence. Don’t rely on just one layer! One layer of cybersecurity, like antivirus software, cannot protect your business while employees work remotely. That app or utility is just one piece of the security puzzle you need.
Knowledge is power. Visit the Canadian Anti-Fraud Centre for more information about current fraud and identity attacks in your area.
You may not need to adopt all the technologies or practices we talk about next, but we strongly recommend that you consider them. Think of how they can work together as a digital defence plan. Beyond file protection, your plan must also protect transactional information, databases, lists, and all other sensitive data, including your identities. Remember: Identity theft can wreak havoc on thousands of lives.
Your security checklist
From the simple to the more technically complex, here are some security layers to consider when devising your security strategy.
- Employee training -> Train every employee *not* to open attachments or click links in unsolicited communication, even if the emails, texts, or calls seem to come from a recognized source, especially when they request information, personal or otherwise. This Microsoft article offers descriptions of phishing threats and a list of the telltale signs employees should look for, such as:
  - The communication you receive is unsolicited
  - The sender does not mention you by name
  - The communication requests information
  - The sender asks you to install/adjust/enable software
  - The sender’s email address does not look accurate
  - The sender’s address does not match their name
  - The link or URL does not point to the correct website
  - The communication contains errors, like typos
  - You can see multiple recipients received the email
  - The communication or website doesn’t look right
  - The page that opens is an image, not a page
- Secure employee hub -> Ensure your employees communicate securely using Microsoft Teams, a collaboration hub. This one app reduces internal emails and keeps employees connected by enabling them to message, call, and host meetings. Keep your calls secure and private! Get links and guidance in this Teams blog post.
- Built-in security -> Rely on business-class solutions that feature built-in enterprise-grade security. Ensure all employees run always-up-to-date software, and/or keep their applications and devices current by running the latest security updates. Windows users should enable Windows Defender Antivirus.
Microsoft Security Graph, which underpins Microsoft Security, enables rapid threat detection and response based on billions of daily emails and insights from intelligence, machine learning, and analytics.
- Advanced threat protection -> Office subscribers can add advanced threat protection, which leverages the Microsoft Security Graph to provide industry-leading defenses. The most basic plan introduces features like safe attachments, safe links, anti-phishing policies, and real-time reports. See Advanced Threat Protection plans.
- Multi-factor authentication -> Introducing a second form of authentication when employees sign in is one of the most effective things you can do to protect your organization. Its familiarity from the consumer digital world makes it easy for employees to understand and accept. Set up your multi-factor authentication (MFA) now.
- Device management capabilities -> Even with work laptops at home, employees still use personal devices to access company data. Put security measures in place to protect your network and control access. Office subscribers can expand their Microsoft 365 subscription to include device management as well as a full suite of advanced security features, including Advanced Threat Protection, app protection, and more:
  - Advanced Threat Protection – for phishing, malware, and zero-day threats
  - Selective Wipe – to remotely wipe company data from lost or stolen devices
  - App protection for Office mobile apps – to restrict copying/saving of your info
  - Information Rights Management – to control who has access to company info
  - Windows Defender Exploit Guard – to provide pre-breach threat resistance
  - Exchange Online Archiving – to enable a long-term business preservation policy
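Several of the telltale signs listed under Employee training can be checked mechanically, which is useful for building training exercises or triaging reported messages. The sketch below is an added example, not code from Microsoft or from the article it links to; the sample message, the `contoso.example` domain, the recipient name, and the keyword list are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message; every name, address and domain is made up.
SAMPLE = '''\
From: "Contoso Payroll" <billing@c0ntoso-pay.example>
To: a@contoso.example, b@contoso.example, c@contoso.example
Subject: Action required
Content-Type: text/html

<p>Dear customer, please confirm your password at
<a href="http://login.c0ntoso-pay.example/verify">https://portal.contoso.example</a></p>
'''

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.I)

def host(url):
    """Return the lower-cased host of an absolute URL, or None."""
    m = HOST.match(url.strip())
    return m.group(1).lower() if m else None

def phishing_signs(raw, recipient_name, trusted_domains):
    """List which of the checklist's telltale signs a raw message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    if domain not in trusted_domains:
        signs.append("sender address is not from a trusted domain")
        # Display name borrows a trusted brand but the address is elsewhere.
        if any(d.split(".")[0] in name.lower() for d in trusted_domains):
            signs.append("sender address does not match the displayed name")
    if recipient_name.lower() not in body.lower():
        signs.append("recipient is not mentioned by name")
    if re.search(r"\b(password|credit card|account number)\b", body, re.I):
        signs.append("message requests information")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > 1:
        signs.append("multiple recipients received the email")
    for href, text in LINK.findall(body):
        shown = host(text)
        if shown and shown != host(href):
            signs.append("link text and link target differ")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, "Jordan", {"contoso.example"}):
        print("-", sign)
```

These checks are heuristics that mirror the human checklist; a message that passes them all can still be malicious, so they complement training and mail filtering rather than replace them.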
Additionally, here are some smart security layers for mid-market organizations and enterprises:
- Device management in Azure -> In Azure, you can combine Azure AD Conditional Access and Microsoft Intune application protection policies to manage and help secure data in approved apps and on personal devices.
- Single sign-on -> Azure Single sign-on enables you to connect identities to all of your apps from anywhere, enforcing strong authentication to prevent compromise, and using Conditional Access and Identity Governance to ensure that only the right people have access to the right resources.
- Visibility across your digital estate -> Azure Sentinel gives you the ability to identify security risks across your operations. With artificial intelligence built-in, Azure Sentinel makes threat detection, hunting, prevention, and response smarter, faster, and automated.
- Secure access to your on-premises apps -> Most organizations run lots of business-critical apps that may not be accessible from outside the corporate network. Azure AD Application Proxy is a lightweight agent that enables access to your on-premises apps, without providing broad access to your network. Combine it with existing Azure AD authentication and Conditional Access policies to help keep users and data secured.
Security checklist summary
- Employee training to spot phishing and other cyber crimes
- Secure employee hub like Microsoft Teams
- Built-in security with Windows Defender Antivirus
- Advanced threat protection for Office subscribers
- Set up multi-factor authentication for everyone
- Device management capabilities with Microsoft 365
- Device management with Azure AD Conditional Access and Microsoft Intune
- Single sign-on with Azure using Conditional Access and Identity Governance
- Visibility across your digital estate with Azure Sentinel
- Secure access to your on-premises apps with Azure AD Application Proxy
Keep your business moving securely series
- How to work remotely, for everyone who needs to stay productive from home
- Eight remote working essentials to stay productive
- Your security checklist to help protect your employees working from home
- Empowering Canadian healthcare teams with new remote working tools
- Secure remote working solutions for government agencies
- Secure remote working for human resources teams