Of course, people still play a role in cybersecurity. Even if you take the right precautions and put in the right security controls, mistakes can still happen. And with workers being home, even more of the responsibility falls on individual actions from end users. So you’ll need to enlist your customers’ end users’ help in keeping company resources safe.
You’ll need to train your end users on proper behavior. And with workforces being as distributed as they are, it’s worth sending periodic reminders—training simply can’t be a one-off event. When you do train them, make sure to emphasize the following:
Report lost/stolen devices
For starters, if an employee loses a device, whether it’s a smartphone or a laptop, they need to report it immediately. This gives you the opportunity to wipe the data and lock the device before a breach occurs. However, this requires you to emphasize that employees won’t get in trouble for losing devices—they need to feel comfortable coming forward. If you have a customer who’s liable to get upset at a lost device, try to remind them that recouping the cost of a lost smartphone is much smaller than taking a major reputational and fiscal hit from a data breach. Mistakes happen—they don’t need to become disasters.
Be careful on email
Remind users to be think twice before opening emails and clicking on links. Cybercriminals took advantage of the COVID-19 situation to trick users via phishing emails. Having a healthy skepticism on email matters now more than ever. Make sure to remind customers to check for things like misspellings, odd domain names, mismatched display names, or unusual requests for information.
Think twice about mobile permissions
We already mentioned the need to manage your company-owned mobile devices. However, it’s also important to get customers to take care of their own personal devices. While they likely know to password protect their devices, far fewer give app permissions a second thought. Remind them to be careful about which apps get access to permissions like location data or in-app purchases. Industry outlets like DarkReading have reported a major uptick early this year in mobile fraud, including mobile app fraud.
Protect home Wi-Fi
With customers frequently working from home, they’re often using home Wi-Fi networks that can have dozens of devices on them with varying levels of security—from corporate issued laptops to personal gaming systems to IoT devices like smart speakers. Help customers protect their Wi-Fi from intruders by reminding them to use a strong password with WPA2 encryption (or better), and make sure they also change any default passwords on administrator accounts.
Be careful on public Wi-Fi
Finally, as employees work either on the road or at coffee shops, make sure they’re careful around free Wi-Fi. Remind them that even password protected doesn’t mean secure—if they’re on hotel Wi-Fi, they’re still vulnerable to attacks from people on that network. Also, remind them to turn off autoconnect on mobile devices for Wi-Fi networks—you never know when a hacker may attempt a watering hole attack by creating a fraudulent public Wi-Fi network.
What you can’t control
On a final note, it’s worth realizing that you can’t control everything. New threats will crop up. New vulnerabilities will appear as well. Sometimes, we’ll face a seismic change in the way we work—potentially even overnight.
You can’t completely control for these factors. Yet, your customers look to you to as the expert, so you have to remain calm under pressure and when facing the unexpected. Nearly anyone can get stressed during a security event or an overnight shift in infrastructure. It’s human. But trying to remain calm under pressure will help your team make better decisions and instill confidence in your end customers.
One of the most important ways to do this is to develop plans ahead of time for dealing with potential security incidents. Make sure people know the process, their roles, and the steps to take if an incident arises. And above all, practice this and run drills. This can dramatically cut down on the anxiety during an event. You can’t control everything, but you can take as many preparations as possible to reduce your risk.
Earlier in the piece, we mentioned the importance of endpoint detection and response. With endpoints becoming ever more crucial in the fight against cybercrime, it’s important to have more complete protection. SolarWinds® Endpoint Detection & Response (EDR) helps prevent endpoint threats using AI and machine learning to detect anomalies at the endpoint level—so even if an attacker uses a fileless attack that would normally slip past AV, EDR can catch the issue and take action. It even offers an automatic ransomware rollback to return endpoints to a known safe state without you having to lift a finger. Learn more about SolarWinds EDR today.