AVOIDANCE
• Invest in a robust VPN solution that includes two-factor authentication. Make sure there is surplus bandwidth & capacity. (Remote network is the new corporate real estate.)
• Use company-issued devices to whatever extent possible:
  o Avoid the Fraud Triangle - BYOD contributes to both opportunity & rationalization.
  o If personal devices are permitted, make sure standardized security tools and appropriate use procedures are in place.
• Store all work data in approved work locations and do not send sensitive information via unencrypted email.
REDUCTION
• Ensure all devices used for work purposes have adequate endpoint protection software and are subject to robust vulnerability management.
• Awareness Training –
• Require extra-long secure passwords/pass phrases.
• Educate staff on anti-phishing knowledge to better spot and avoid scams.
• Set guidelines for use etiquette to discourage most personal use of company equipment such as personal email or web access.
• Review home network settings to correct and upgrade as needed.
• Always avoid public wi-fi and guest networks.
• Have a remote compromise & leavers plan for asset recovery in case of a security breach or turnover of a remote company device.
• Enable remote wipe for company-issued phones & mobile devices.
TRANSFER
• Consider transferring the residual cyber risk by purchasing cyber insurance coverage.
RETENTION
• Conduct regular cyber risk reviews to know your complete risk profile and retain as little risk as is practical for your business.
By Mark Maxwell, Outside Technologies