For many small and medium-sized manufacturers the great teleworking experiment brought on by COVID-19 has been a painful one. The sudden shift to telework poses numerous managerial, logistical and operational hurdles. To make matters worse, cybersecurity risks are amplified by the needs of a remote workforce.
As with any complex management task, it helps to categorize and simplify the problems at hand. Cybersecurity risk management (for teleworking, in this case) can be broadly divided into two domains: governance and technology.
The most effective cybersecurity governance strategy is setting expectations for the organization. Developing robust cybersecurity policies and training the workforce on them are the building blocks for developing a culture of security. Additionally, continuous cybersecurity awareness training offers incredible risk management return on investment.
How to Protect Your Company
Cybersecurity policies, controls and technologies must be planned, developed and implemented with the assumption that external environments contain hostile threats. Now that employees are working from home and sometimes even using personal, unmanaged devices to access company assets, certain technology solutions are absolutely required at a minimum:
- Multifactor Authentication. Don’t rely on a single username and password for anything. Credentials can be compromised and reused in a million different ways. MFA greatly reduces those risks.
- Secure Remote Access. Unsecured remote access is a disaster waiting to happen. Virtual private networks (VPNs) or similar solutions are easy to set up and go a long way in protecting the organization.
- You would never allow company workstations and software to go weeks or months without updates. How up-to-date are the personal devices being used from home?
- Personal Firewalls. Malware and viruses on personal devices are a problem, but technologies like Windows Firewall are very effective at preventing them. However, common software such as video games will often require holes in the firewall in order to work. How secure are the configurations of the personal devices being used to access company resources?
- Secure Connectivity. The world runs on Wi-Fi and, unfortunately, so do countless insecure IoT devices like doorbells, cameras and voice-activated assistants. Old Wi-Fi standards with insecure encryption (and sometimes none at all) are still common.
For an exceptional resource on the benefits and drawbacks of various telecommuting solutions (without being overly technical), see NIST Special Publication 800-46 Revision 2, “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.”
CMTC has tremendous experience helping manufacturers reinvent cybersecurity programs large and small. Don’t hesitate to reach out for more information on the topics discussed here (including NIST SP 800-46) or for help demystifying and understanding the complex world of cybersecurity.