Microsoft’s John Hewie shares tips for organisations and their staff to stay safe online
In a recent LinkedIn post, Microsoft’s national security officer for Canada John Hewie has shared some top tips for how organisations and their staff can combat cybersecurity threats while working from home and on personal networks during the Covid-19 pandemic.
“The disruption caused by Covid-19 provides heightened opportunities for cyber criminals,” wrote Hewie. “With employees working on home networks – and sometimes even personal devices – everyone should maintain a heightened vigilance to cyber threats. It’s more important than ever to ensure your organisation maintains security best practices and monitoring while businesses adjust to the current realities.”
Warn employees to expect more phishing attempts
The Canadian Centre for Cybersecurity has observed increased reports of COVID-19 related phishing campaigns and malware scams targeting Canadians. As such, encourage your staff to be aware of anything that looks “off” – urgent requests that break company policy, use emotive language or have details that are slightly wrong. Provide clear guidance on where to report suspicious messages.
Make sure devices have up-to-date antivirus software
“For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through Settings,” Hewie wrote. “Turn on cloud-delivered protection and automatic sample submission to enable artificial intelligence (AI) and machine learning to quickly identify and stop new and unknown threats.”
Use multi-factor authentication
This will provide an additional layer of security and prevent a significant number of identity-based attacks. Use Windows Hello biometrics or find out more about Microsoft Authenticator.
Retrain on how to spot phishing emails
Cyberattackers are using new methods to defraud organisations, so ensure that you and your employees know how to spot phishing emails and telephone-based fraud.
Activate conditional access and protection policies
While many employees have work laptops they use at home, organization will likely see more personal devices accessing company data. Azure AD Conditional Access and Microsoft Intune app protection policies can help to manage and secure corporate data in approved apps on these devices.
Create a cybersecurity incident response plan
Have a plan to respond to a cyber security incident and establish roles and responsibilities within your organisation. Practice the plan as thoroughly as possible to identify where there are gaps. Know how to contact your Microsoft support representative and understand the type of assistance that they can provide.
“These are certainly unprecedented and challenging times,” wrote Hewie. “However, with the right type of awareness and action, we can all help prevent a cyber security incident from causing more harm.”