With Increased "Work From Home" Employees, How Can Companies Improve Cybersecurity?

Brian Berger, President of Cytellix Corporation • January 8, 2022

The COVID-19 pandemic made work environments change in almost an instant. Offices were forced to close down to keep employees safe and socially distanced. For many companies, a large number of employees are still working from home, at least part-time. Some businesses even chose to become permanently remote to save on overhead costs. While working from home is more convenient for employees, it can spell trouble for maintaining proper cybersecurity hygiene as a whole. Think about it; each employee is working from their own networks, in different areas of the state, country, or world, and networks and user behavior cannot be as meticulously analyzed as it could when all processes were happening under one roof. Cybersecurity is more important than ever to avoid data leaks, system breaches, and other cybercrimes. Here are a few ways you can improve your cybersecurity for employees working from home. 


Insist that all work be done from company devices that are equipped with a VPN

The most important tip that we can give you when it comes to protecting your company's information is to ensure that all remote employees are working only from company-provided devices. There is no reason to overlap personal and work tasks on phones, tablets, or laptops. That being said, it is your responsibility to provide these devices and enforce that they are to be used only for work. Make sure you are an administrator on all devices so you have access to settings that you don't want to be changed. In addition, you want to install a VPN (Virtual Private Network) on all computers or laptops. A VPN provides a secure and dedicated communication path for the laptop to work under, preventing hackers from accessing sensitive information or tracking the device. Make sure to invest in a solid VPN provider that is secure and well-trusted. Cybercriminals are crafty, so you want a VPN service that can stand the test of time. 


Encrypt all devices to protect data

Before you give each remote employee a device equipped with a VPN, you should encrypt all data on it. Encryption translates plain text data into code that only those with authorization can translate back. Sensitive data should be encrypted from everyone except the highest-level employees, but other information can be visible to the entire company. Encryption takes standard data and morphs it into ciphertext that can only be decrypted with a permission key. This allows sensitive information to be transferred via the internet with a reduced risk of clear text view from cybercriminals. There are several types of encryption to choose from, so pick the one that will protect the data of your business. Encryption is particularly important for businesses that store client information such as hospitals, banks, government agencies, and more. 


Require multi-factor verification/login

Another way companies are protecting data is by requiring multi-factor verification. Let's say a remote employee wants to access the database of customer records from home. Firstly, that should be encrypted. If that employee has permission to decrypt data, you should still require at least two other sign-in methods. You can have your multi-verification set up to lock after so many failed attempts. Not only will this deter hackers, but it will also alert the leaders of the company when a cyberattack is attempted. With the technology available to us, we can create all kinds of verification processes that require several passcodes/pins, SMS verification, email confirmation, and more. The more walls you put between the outside world and your important data, the safer working from home will become. 


Be selective with which employees can access sensitive data

If you're like most companies, you have a hierarchy of employees. When you work in-person, there are some tasks and meetings that can only be done by high-level workers. You should keep this same mentality when you make the transition to remote working. Give your senior employees access to the more sensitive information while barring other team members from it. Basically, if a worker doesn't need the information to complete their daily tasks, they shouldn't be privy to it. Provide access only to data that is relevant to each department to prevent potential problems. The more people that can get into secret files, the more points of entry cyber criminals can try to get through. Keep the hand close to your chest as they say.


Install anti-virus software or custom cybersecurity solutions on all devices 

Finally, you need to ensure that any and all company devices have a solid antivirus program installed. Better yet, get a customized cybersecurity solution that provides complete cyber awareness. Cytellix has worked with hundreds of companies, including some top government agencies that require the utmost digital protection. Our team can create cybersecurity solutions that meet your exact needs and allows the business leaders to keep an eye on all goings-on, even when employees work from home. Our Cytellix Cyber Watch Portal gives you a 360-degree look at the entirety of your business. You can spot weaknesses in your security, identify problems before they arise, and instantly implement solutions. No other cybersecurity specialist offers an all-in-one platform as we do. With all of your employees working from home, it's more important now than ever to continuously monitor your network, systems, processes, and data. When you work with Cytellix cybersecurity experts, you get top-of-the-line software that is leaps and bounds above other affordable solutions. When you work with the best, you get the best. 


As you can see, there are many steps you can take to protect your business and clients as your team works from home. For the highest-level protection, work with cybersecurity experts like Cytellix to get customized solutions designed and implemented just for you. Cytellix has expert capabilities in cybersecurity technology, risk management frameworks (RMF, NIST, CMMC, GDPR, FFIEC, ISO) and provides a complete visibility platform that supports: DoD customers, DIB Customers, DoD Supply Chain, and other highly regulated industries (Finance, Automotive, Utilities, State and Local Government).  Our technology stack includes SIEM as Service, 24x7 SOC, Vulnerability Management, Real-time continuous cyber monitoring, Firewall Management, and threat hunting and threat correlation. Call (949) 215-8889 to speak with our team today and learn more at https://cytellix.com/.

small business cybersecurity

MSP SPOTLIGHT: Go Beyond Baseline Security.

By Walt Czerminski August 30, 2023
Explore the challenges MSPs face in providing holistic cybersecurity support to their SMB clients and discuss how a programmatic-optimized approach can help bridge the gap, ensuring enterprise-level protection without breaking the bank for SMBs, while adding revenue opportunities for MSPs.

The Clock is Ticking for CMMC 2.0: Here’s Everything You Need to Know – START NOW

By Brian Berger August 23, 2023
The Department of Defense (DoD) has formally presented the CMMC regulation for official evaluation, marking the start of its journey toward formal announcement. Every regulation proposed by the executive branch, including this one, undergoes scrutiny by OIRA, a division of the Office of Management and Budget (OMB). The significance of this step is that the previously mentioned "delays" in the CMMC process were due to the time taken for the DoD to forward the rule to OIRA. With this action now taken, the subsequent stages of the rulemaking procedure are underway. Nevertheless, due to the intricate nature of federal rulemaking, several more stages need to be navigated before the CMMC becomes a part of contracts. The following scenarios should be considered for preparation for compliance and certification for the Defense Industrial Base (DIB). Scenario 1: Proposed Rule Submission to OIRA: The Department of Defense (DoD) has officially submitted the CMMC rule for regulatory review to the Office of Information and Regulatory Affairs (OIRA). Review and Publication: After OIRA's review, which takes an average of 66 business days, the CMMC rule is expected to be published in late October 2023. Public Comment Period: A standard 60-day public comment period will follow, ending in December 2023. Finalization: The CMMC rule will be published as a "proposed rule", which means it will only become effective after the agency responds to public comments in a final rule. Based on historical data, the average time for DoD proposed rules to be published as final rules is 333 business days. This means the CMMC final rule is expected between February and April 2025 . Phased Roll-Out: The DoD plans a 3-year phased roll-out for CMMC contract clauses. Assuming the final rule is published in Q1 2025, all relevant DoD contracts will contain CMMC by 2028. Scenario 2: Interim Final Rule Immediate Effectiveness : If the CMMC rule is published as an "interim final rule", it will be effective before the agency responds to public comments . This means the rule would be in effect and appear in contracts in Q1 2024 . Rarity of Interim Final Rules: Such rules are rare and bypass the usual democratic process of "notice and comment" rulemaking. They are typically granted in urgent situations, like the need to enhance national security. So when should you start preparing? Before we start with the background and changes, let’s talk about the "Big Elephant” in the room. Clearly, the updated compliance and certification process developed by the DoD and the non-profit organization liaisons has been long overdue with a lot of anticipated deadlines that never materialized. And with the latest announcements it does seem to be mildly reminiscent of the movie comedy and colloquial meaning of Groundhog Day. Since the Library of Congress selected the film for preservation in the National Film Registry I found humor in relativity, not cynicism. Opinion: This is different and the information we have in the DoD supply chain must be protected from our adversaries. This is a serious issue and needs clear and precise guidelines as the supply chain will not spend money on the protection of the information that protects national security unless they must as it is deemed as a complex undertaking. That’s an unfortunate reality. We have seen the start and restart of the cyber programs for DoD for the past 5-years, what makes this different? The implementation of the CMMC rule in contracts will be phased in over a period of 3 years, with all relevant DoD Defense Industrial Base (DIB) contracts containing CMMC by 2028. For a company with 50-100 employees operating in the DoD supply chain, it takes an average of 12-18 months to prepare for assessment and audit for eventual certification, with certification being the ultimate requirement for compliance. Therefore, the time is now to start the process if you plan to hold government contracts in 2024/2025. There are also varied flow down requirements that need to also be taken into consideration. Understanding Plan of Action and Milestones (POAM) There is now the ability to present interim status vs 100% compliance as we have with the current DFARS and NIST requirements. These interim reports can be handled in the traditional manner by presenting a Plan of Action and Milestones (POAM) that have a less than 180-day completion date for allowed baseline gaps. Unallowed gaps will have a “No POAM” designation and need to be implemented. If you have any doubts, work with a highly skilled 3 rd party who has expertise in these standards and a track record of enabling comprehensive successful standards-based cyber programs. The information presented by the suppliers in POAM’s or claiming 100% compliance will be evaluated and can and will likely trigger audits if certain high-level cyber controls are not met or the 100% compliance score creates suspicion of a false claim. Be careful to present accurate and validated information. So, what does this all mean? You must be compliant with DFARS clause 252.204.7012 and NIST 800-171 today. This is a requirement of your current contracts, and the False Claims Act applies to all cyber compliance representations. If you are not compliant, you could be subject to civil penalties and criminal charges. You need to start preparing for CMMC 2.0 today. The deadline for the final rule is 18 months from now, and it will take an average company in the DoD supply chain 12-18 months to become assessment ready. Waiting is not an option. Waiting is a bad idea. Why you ask? It is very clear that most suppliers and Small and Medium Businesses are not cyber ready and nowhere near compliant with any cyber framework. The timeframe for a typical business to understand, develop and implement full compliance is more than 1-year assuming they have the skills and personnel to complete the objectives. CMMC 2.0 clearly aligns with DFARS and NIST, so it is the best way to protect your organization's sensitive data. Don't delay, start preparing today! *If you have any questions, please reach out to our experts – [email protected]