With the COVID-19 outbreak continuing, every business is being pushed to implement remote working as much as possible. Keeping employees at home is for everyone’s safety. Unfortunately, cyber criminals are going to make the best of this situation (as they typically do), and as we know, working from home brings with it many areas of vulnerability from a security standpoint. To help you stay safe from the risks your business faces, we have some helpful cybersecurity tips. You’ll see how you can take action on them right away and keep cybersecurity up to par while you have employees working from home.
Cybersecurity Tip 1: Warn employees on how cyber criminals strike when uncertainty is at play
The human element in cybersecurity is one of the most important components because it has its benefits and its weaknesses. People are kind and want to help each other out, but they are also easily tricked into clicking links when urgent messaging is involved. This human inclination to respond to urgency doesn’t go so well when fear or chaos is present, and it is exactly this emotion and reaction that cyber criminals leverage to conduct successful phishing scams.
Right before COVID-19 became the news outlets’ recurring headline, there was a lot of talk about tax phishing emails and scams. Now that the COVID-19 outbreak is fully at play, we are seeing the same, but with an increase in coronavirus (COVID-19) phishing emails that leverage urgency through the fear factor.
Warn your employees not to click on any email links, and tell them it’s best to double check with the organization about anything work related. Also tell them to do the same with third-party partners, financial institutions, educational institutions and so on.
Training to spot phishing emails is also advisable. Here is the link to the blog we wrote that can be of help.
- Three tips for spotting phishing emails – https://www.ncxgroup.com/2019/11/three-tips-for-spotting-a-phishing-email/#.XdxL-ehKjD5
Cybersecurity Tip 2: In the absence of a pandemic plan, set up a work-from-home (WFH) policy
In a work-from-home (WFH) policy you want to identify all areas of cybersecurity risk, which include: all devices (office devices and personal ones), the internet, the cloud, all apps, external hard drives, USBs, printers, and everything that will connect to the devices or the internet connection used for work from home.
Draft something that specifically tells employees what to do to protect their work and home devices (entertainment systems included, since they’re connected to the network); have an alert system activated to tell them about vulnerabilities; and give them the steps to take when alerts come in and/or the contact details of the IT security professional to reach out to for help.
Cybersecurity Tip 3: Give them a checklist for proper cyber-hygiene
If you have trained employees on the proper cyber-hygiene steps to take, the checklist will serve as a reminder. If you have not trained them on cyber-hygiene, this is a first step that can help your employees while they work from home, as well as when they return to the office.
Cyber-hygiene involves giving them the tools to know what they need to do to keep cybersecurity up and what they need to know to keep eyes open to cyber risks.
A short list to get you started:
- Updating and patching software.
- Password management tools and/or safeguards for strong passwords.
- The risks of home devices and technology, such as their alarm system, automatic lock system, and the app they use to turn lights on and off automatically in the home.
- Securing their Wi-Fi (here’s our training video to help: https://training.ncxgroup.com/share/wifi/1).
- Securing the VPN (here’s our training video to help: https://training.ncxgroup.com/share/remote/1), which also means avoiding split-tunnel VPN since it can open a backdoor into the connection.
- Enabling multifactor authentication.
- Secure endpoints and files.
Cybersecurity bonus tip: Warn them of social media and social engineering risks
It is best to advise employees not to share on their social media accounts that they are working from home, since cyber criminals are paying attention to that information so that they can leverage it for their own use.
It is also important for employees not to check their social media networks on office devices, so that they don’t risk an unwanted intrusion on the device and then bring it back to the office infected. Although you can’t ask them not to check social media on their personal devices, you may want to caution them to do so only when they are not conducting any work whatsoever.
- This means no business software or network operations are running at the time, and none are open or on stand-by on their personal devices. Everything business related is offline and logged out on their personal device before they go about their daily social media activity.
If you need extra hands on deck to assist with cybersecurity management while your employees work from home, feel free to give us a call. We have a cybersecurity staffing solution that might be what you need to help ensure your business and your employees stay secure.