Currently, we are experiencing a rolling crisis in Israel and worldwide – a crisis we have never encountered before.
First and foremost, the crisis is health-related, but as a result of government directives to stay at home as much as possible, it has significantly affected our daily life.
The Coronavirus outbreak causes a severe damage to the business sector. Most businesses were forced to reduce their activities significantly, while some of them had to cease operations completely.
Many employees had to take an unpaid leave, while others are working from home, and using meeting scheduling apps became a thing of routine.
Working from home has many benefits, such as availability and flexibility, however, it’s a mixed blessing – since the Coronavirus outbreak, there has been a significant increase in cyber attacks that are carried out while taking advantage of panic and fear due to the worldwide spread of the virus.
At this time of crisis, when most of us work from home and conduct meetings remotely, it is very important to rethink and reorganize our new digital routine.
Following are a few rules to help you reduce cyber security risks, while working from home:
- Method of remote access to enterprise computer systems – system access via a virtual private network (VPN) only, as well as using 2-step authentication (e.g., app password and verification code).
- Remote connection for a limited time – setting up a remote connection for a limited time (minutes/hours).
- Updating the operating system and software versions – it is recommended to update organizational operating systems and software to the latest versions, since many times newer versions are offered to enterprises due to security breaches detected in older versions.
- Hardening information security on employee computers – it is recommended to harden information security on employee computers, inter alia, by locking the computer after some time without use, disabling cookies (saving user preferences), restricting command line access, using antivirus and firewall.
- Uninstalling unused software – unused software should be removed from company servers and employee computers: reducing the amount of software will reduce the risk level.
- Limited access permissions – currently, it is recommended to limit the number of user access permissions to a minimum required for their work, regarding both the corporate network and software.
- Limiting network access via Fire Wall – it is recommended to limit the access to corporate network to a minimum. For example, it is advisable to set counties and regions that are allowed to connect to the organization. In addition, it is necessary to monitor documentation (logs) of each login.
- Using company computers – avoid connecting with PCs that are not company computers, since PCs usually have various software, the reliability of which was not properly checked.
- Refreshing work procedures – during this period, it is particularly important to refresh information security related work procedures for all employees, while putting an emphasis on allowing remote access, as part of which employees should make sure to maintain their passwords, update their software and avoid using occasional Wi-Fi connections.
- Backup – backup must be carried out for all relevant devices and information, and should be performed periodically to verify backup integrity.
Shlomi Beni (CPA), Head of IT & Cybersecurity Consulting Department at RSM Israel - Shiff Hazenfratz & Co., and the department staff, have extensive experience in providing efficient consulting to large-scale organizations and middle market companies, as part of the organizations’ preparation for working remotely, while preserving organizational assets. As the pandemic spreads, while people are working under crisis conditions, we have established a designated team of specialists, who will provide the following services:
- Reviewing the organization’s preparedness for working remotely, while reducing cyber risk and exposure.
- Providing remote training to employees on issues such as phishing, working remotely, etc., to increase awareness and provide tools for protection against future attacks.
- Conducting an information security plan that will ensure business continuity after the crisis has passed.
Services are provided remotely by digital means, and there is no need to hold meetings.
For more information, please contact CPA Shlomi Beni, Head of IT & Cybersecurity Consulting Department, by email – [email protected], or by dialing 050-7474177.