Now more than ever, it is important for organizations of all sizes to practice sound cybersecurity hygiene. And although cybersecurity is just one of many issues challenging company operations in response to the spread of COVID-19, it is an issue for which an ounce of prevention is worth a pound of cure.
The U.S. Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST) recently issued guidance for information security when employees work remotely. The FTC guidance focuses on what employees can do, while the NIST guidance provides recommendations to organizations. Both are summarized below. But here are some steps to take now, to reiterate to employees the importance of staying safe online:
The FTC guidance, in the form of a blog that can be accessed here, stresses good cybersecurity hygiene. Best practices mentioned in the guidance include:
The NIST guidance, accessible here, makes several recommendations from an organizational perspective, starting with the premise that all information security policies around teleworking should be based on the assumption that external environments contain hostile threats. By thinking in this way, organizations can implement measures to mitigate such threats instead of reacting in the event of an incident. The NIST guidance also recommends that companies:
As employees become more isolated while working from home and for longer periods, the importance of communication grows. The key message for individuals is to be as vigilant, if not more, of tricksters operating on the internet, and for organizations, it is to tighten cybersecurity controls.
If you need assistance on these or other privacy issues, please don't hesitate to contact Camila Tobon.