With COVID-19’s spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help spread infection is to wash hands with soap and water thoroughly for 20 seconds.
In recent days, we’ve frequently gotten the question: “What can I be doing RIGHT NOW to improve my security posture?” And while that answer often depends on individual circumstances (recommendations for consumers, SMBs and large enterprises may differ), here are three quick wins that everyone can be doing right now to make sure we are all “washing our hands.”
Stay on Top of Patching & Regular Software Updates. Both individuals and organizations should stay abreast of the latest patches and updates from software vendors. Patches often resolve weaknesses and security vulnerabilities within products. Patching lessens the risk that a hacker can take advantage of a previously existing weakness. For organizations, IT Ops teams need to be able to patch and configure devices remotely. Security solutions should allow you to identify vulnerabilities, install patches and validate configuration remotely via the cloud, giving your team the confidence that every endpoint is up to date on the latest policies and secure.
Use multi-factor authentication (MFA). Multi-factor authentication adds an additional step to the process of accessing critical data. The first step being a username and password, and the second step being additional verification (like a pin or a push). MFA is becoming increasingly popular for many services we access daily. Enabling multi-factor authentication ensures that the user logging in as an employee is truly who they say they are. MFA also lessens the risk of poor password hygiene. Still, as a rule of thumb, passwords should be truly random, 16-character phrases contain upper- and lower-case letters, numbers, and symbols.
Leverage a VPN. With so many employees working remotely now, using a virtual private network (VPN) can help better secure internet connection and keep private information private via encryption. Public WiFi can be a gamble as it only takes one malicious actor to cause damage.
As with any situation where infection is a possibility, a healthy amount of skepticism is always warranted. Be wary of emails coming from unknown sources, particularly if the requestor is asking you to click on a link or an attachment. When in doubt, pick up the phone and call someone to ask if their request is valid.
For more resources around COVID-19, maintaining proper security hygiene, visit our COIVD-19 Cybersecurity Community Resources page.