Multi-Factor Authentication Can Help Reduce Remote Worker Security Risks

In last week's blog article, Securing Your Home Network: What You Need to Know, we discussed best practices for home network security, which is especially relevant today considering so much of the workforce is telecommuting from home. Today, we'll cover why it is important to enable multi-factor authentication and other IT security must dos to mitigate risk during COVID-19 and beyond.

Enable Multi-factor Authentication

As phishing attacks speed up globally, it is essential for firms to understand and educate its employees on the importance of extending security practices to beyond the walls of the office. One essential security layer is multi-factor authentication (MFA). Through implementing multi-factor authentication (MFA) on employee devices and applications firms can help ensure secure remote working for its employees.

MFA is an authentication method by which a user is only granted access to a device after successfully presenting two or more pieces of evidence (factors). These are knowledge, possession and inherence based. You can read our blog article on MFA to learn more about this security tool and how it can help secure your network both inside and outside the office.

Beyond implementing MFA, remind users to only click the verification notifications if they specifically triggered it. We have seen hackers try and leverage multi-factor fatigue to gain access to systems. 

Consistently Create & Update Complex Passwords

Creating long and complex passwords plays into keeping your information secure along with changing your passwords regularly. These days, you should either be prompted to – or proactively – update your password every 30-90 days. Although this might seem inconvenient, it is one of the best defense mechanisms against would-be hackers. Remember: it’s important to use different passwords for different sites and a strong combination of letters, numbers and special characters.

Monitor the Dark Web and Respond

Across the dark web criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high value (i.e. executive and privileged user) accounts. We saw this with the recent Zoombombing hacks. Once in a system, malicious hackers steal financial assets, uncover trade secrets and exploit the vulnerabilities of users. To stop this threat firms must monitor the Dark Web and respond.

Dark Web Monitoring is a vital security practice that should be adopted by companies of all sizes and technology deployments (i.e. cloud or on-premise), and is offered by trusted IT providers like Eze Castle Integration. 

Go Back to the Basics. All Security Best Practices Still Apply

While this is an unprecedented time for businesses globally, just because there's a pandemic and you're doing your job from home, doesn't mean that it's time to bend the rules and become complacent with cybersecurity best practices. In fact, now is a time where we should be even more vigilant! Don't forget all the cybersecurity training that you've received over the years - it is all still applicable while working at home.

Remind Your Employees Now to be Ultra Aware and to Follow Company Policies.

Looking ahead, the most effective way to train employees on phishing dangers, however, is through the act of actually phishing them. Managed phishing services are rising in popularity, as they effectively use phishing email simulations to test existing knowledge and also provide in-the-moment education to ensure users are best equipped to thwart cyber attacks.

This article was previously written in 2017 and has since been updated.