Best Practices to Fight Phishing & Strengthen Cybersecurity in COVID-19 Era

essidsolutions

Remote work is here to stay. Claire Umeda, Vice President of Marketing at 4iQ, spotlights how to improve employees’ cybersecurity awareness with best practices.

In an effort to slow the spread of COVID-19, most states issued stay-at-home orders, mandating that the public remain home except for essential activities. Working from home full-time is the new normal for millions of Americans. While this certainly prevents the spread of the novel virus, it introduces a host of other issues, specifically around cybersecurity.

In an OpenVPN survey, 90% of 250 IT leaders said that remote workers pose a security risk in general, and more than half believe that remote employees pose a greater security risk than onsite employees. Unfortunately, accidental exposures – when employee negligence leads to a security breach – account for many breach incidents. According to a 2019 survey from security firm Egress, more than 70% of security professionals admitted to accidental internal breaches at their organizations during the last five years. This is exactly why employers should implement mandatory cybersecurity training. Understanding basic security guidelines can help mitigate cybercrime. Fortunately, there are simple steps individuals can take to enhance their home’s security posture and, in turn, their employers’ as well.

Know the Signs of a Phishing Attack

A good place to start is knowing the signs of a phishing attack. The uptick in COVID-19 phishing attacks is well documented and no coincidence. History shows that cybercriminals exploit fear surrounding major crises. Consequently, individuals – especially those who live in highly affected areas – must remain vigilant for online scams. We have already seen numerous cases of bad actors spoofing virologists and credible institutions and can expect this trend to continue throughout the pandemic.


Oftentimes, these scams are fairly conspicuous. They attempt to create a sense of urgency and trick victims into unwittingly installing malware or giving up their personal information. Phishing campaigns yield low results, but this is a volume game for these persistent cybercriminals.

Before clicking on an email, employees must ask themselves: is this email poorly written? Does the sender look legitimate? Is the sender using fear-based language? Am I being asked to click on a link or attachment? Most importantly, if the unsolicited sender is asking for sensitive information, immediately call customer support, and enquire about this situation. Employees shouldn’t hand over this sort of information unless they’ve initiated the contact or are certain it’s a legitimate communication.

When working from home, what else should employees consider? Even if it’s not a public WiFi network, an employee’s home network can still put a company at risk. Make sure the WiFi network is encrypted and secure. Some employers even create virtual private networks (VPNs), which provide secure, remote access, so it would be wise for companies to work with their IT departments to see if this is an option. Further, employees should have a unique, complex password for their WiFi networks – this will make it difficult for bad actors to gain access to the network.


Increase Awareness About Unique Passwords

Unique, complex passwords should be the standard for every account. It may not be ideal to remember every single password, but password managers can alleviate this burden. Why is password reuse harmful? If a bad actor gains access to someone’s Netflix username and password, for instance, and that person reused the same password for his or her work email, the cybercriminal will then have access to the individual’s personal information, and the company’s as well. A strong password will also protect against unsophisticated brute force attacks, where cybercriminals try to crack credentials using trial and error.

Zoom, a video conferencing app used in offices across America, has made headlines because of “Zoombombing” attacks, where uninvited guests gain access to and disrupt meetings. Encouragingly, Zoom immediately responded to these security concerns, but it’s not enough to rely on Zoom to keep meetings private. All organizations should require passwords for Zoom meetings, enable its waiting room feature to admit participants, and avoid making login information public.

Other best practices to reiterate to employees include: ensure all security software and devices are up to date; set up multi-factor authentication when possible; try not to do personal work on a company laptop, and vice versa; and back up files regularly to protect data. Every security team should build out a work-from-home policy to provide employees with guidelines for what is acceptable and what isn’t.

Your company’s workflow may not have been seamless when work from home began, but it will no doubt get easier as time goes on and your employees get used to their remote offices. Before you know it, you’ll be back in the office, wishing you could be working from home – and, more importantly, you’ll be more vigilant when it comes to cybersecurity.
