Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Guidance for CISOs to improve remote worker security, free small business tools

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.

Ann Johnson, Corporate VP of Microsoft’s Cybersecurity Solutions Group, published good practical advice for Chief Information Security Officers (CISOs) and administrators to help keep remote workers secure online. Small businesses can also take advantage of free online collaboration tool offerings during the outbreak.

“CISOs and admins need to look urgently at new scenarios and new threat vectors as their organizations become a distributed organization overnight, with less time to make detailed plans or run pilots,” Johnson wrote in a blog post.

Free small business online collaboration tools

To help employees be more productive while working online, small businesses can check out The Open for Business Hub, that provides free online tools from various vendors during the COVID-19 outbreak.

For example, Box is offering three months of free use of its secure file sharing and collaboration platform as part of its ‘Box Business’ plan free trial.

In addition, Microsoft is offering six months free use of Microsoft Teams, a unified communication and collaboration platform. Cloudflare is also offering 500 seats of Cloudflare for Teams for small businesses through September 1.

Furthermore, Google (Hangouts Meet), GoToMeeting, Cisco Webex and Zoho are also offering free online collaboration tool trials for small businesses.

Remote worker security guidance

In addition to online collaboration tools, organizations can also implement the following safeguards, as recommended by Microsoft:

  • Protect access to cloud applications using conditional access and ‘security defaults‘ with built-in protections from attacks, such as those offered by Azure Active Directory (Azure AD).
  • Enforce Multi-factor authentication (MFA) for remote access and access to critical applications/data.
  • Find and label your organization’s most critical data – to enable your organization to track and audit data usage when employees work from home.
  • Monitor for attackers disguised as remote workers (leverage advanced threat protection solutions if available).
  • Warn your employees to expect more phishing attacks, to include those targeted to steal credentials.
  • Ensure Up-to-date anti-malware protections.

Of all of the above safeguards, MFA is one of the strongest controls every organization should implement.

“The single best thing you can do to improve security for employees working from home is to turn on MFA,” Johnson added.

Finally, organizations should establish clear communication channels and transparency to build employee trust. For example, how to protect employee devices to help your employees keep ahead of cyber threats.

Related Articles