The ongoing COVID-19 pandemic has changed a lot about how we do business. More than that, it has influenced where we do business. With social distancing protocols in place, many companies have been forced to send employees home to work remotely. Since this approach seems to be working, we could see a future where more people work at home than ever before.
While that is a good way to keep business going, in many ways, it can be dangerous for a company, especially when it comes to cybersecurity. When working from the office, employees don’t always think about protecting their equipment because it is usually done for them. Now, they have more of a responsibility to keep their data and the information of the company secure. To ensure that all employees are on the same page, cybersecurity education must be a part of your corporate training. Below are some important aspects to include.
Be Clear About the Risks
Even if you inform your newly remote workers that they need to protect their devices, they may not take it as seriously as they should if they don’t understand the risks. Cybersecurity is a major issue in the world, and if an employee is not careful, they could unknowingly allow a breach, and the event could be detrimental to the company and their jobs. Promote the importance of protection, and your employees may take more responsibility.
In recent years, more than 62% of companies have experienced attempted cybercrime and social engineering attacks. The costs of these attacks can be impossible to come back from, and not only that, the loss of confidence of your customer base when their information is compromised is bad for business. The worst part of all this is that of these incidents, 60% were the result of human error and new employees.
Educate your staff on how far-reaching cybercrime can be. Teach them to use critical thinking when working with any app or tool and ensure that they are using it correctly and securely. Security is especially important as companies begin introducing online meeting and video conferencing tools to maintain collaboration among staff. Webcams can be hacked if they are left on, and even software such as Zoom can be hijacked by hackers. As a first lesson, instruct your employees on proper password usage. As the doorway to all your tools, weak passwords are one of the most effective ways for hackers to gain access and steal your data. So inform them to use complicated passwords with letters, numbers, and special characters, and they should be updated every month or two.
Educate About Common Scams
Hackers are well aware that many people are working from home and that they may not have the same security that they had in the office, so they are being more vigilant with their scams. If you don’t educate your employees on these common tricks, then they could easily be the next victim. No scam is too obvious. Some hackers are as brazen as to leave a USB drive outside a home or coffee shop for a curious employee to pick up and insert into their computer. This is one of the easiest ways to upload a virus.
Cybercriminals continue to have success with phishing scams. Essentially, they are emails sent to personal and business email addresses that appear to be from a legitimate source, but they are instead sent with a malicious link or attachment. When either of these is opened by the recipient, malware is released, and the hackers have free reign in the system. With COVID-19, hackers have been trying to take advantage of emotions by sending fictitious alerts and fake meeting notifications in hopes that people will click on them.
Educate your team on the warning signs of phishing scams, including:
- Emails with many spelling errors.
- Links or attachments that you were not expecting.
- A general greeting like “Dear sir,” or “To Whom It May Concern.”
- Emails that appear to be official but are from a general email provider like Gmail or Yahoo.
There is also the Trojan attack, which is software that appears to look authentic and useful, like a security update, but it is malicious code, and when you install it, your data is immediately put at risk. For these reasons, employees should be informed that they should reach out to their IT team whenever they see anything suspicious pop up on their computer.
Using Personal Devices
With your employees working at home, they may have more of an urge to use their personal computers, phones, and tablets to do their work. However, as a general rule, keep business and personal devices separate as often as possible. A breach on their cell phone could be sent to the company device by way of email, and then both your personal and professional life is at risk.
Remember that almost any device can be vulnerable, so the security practices that you use at work should also be done at home. At the office, important documents are shredded after use, so do the same in your home office. Company computers should have active antivirus software installed along with two-step authentication and data encryption. Educate your employees on how to enact these security procedures on their personal devices as well.
Many employees might also decide to take their work outside of the home and head to the local restaurant or coffee shop. They must be mindful of security when out in public because hackers have other tricks up their sleeves, like the man-in-the-middle attack. This is a fake Wi-Fi account set up by the hacker that looks like the real network at the business, but when you connect, you are connecting to the hacker’s device. Human Resources should put a policy in place for best practices when working out of the office and have employees sign it, so they know that good security is their responsibility as well.
Those who are new to working from home may feel a newfound sense of freedom, but independence can be dangerous without the proper precautions. Educate your employees now, and you won’t be sorry later.