By: Caitlin Gibson
As more employees work from home to curb the COVID-19 pandemic, it’s essential that companies take this opportunity to properly secure their virtual workspaces. Not only are cybercriminals taking advantage of concerns about the pandemic to facilitate cyber attacks – even disguising themselves as the World Health Organization to steal money and sensitive information – traditional ways of facilitating cybersecurity are proving less effective. Given that data breaches can cost millions, take months to resolve, and, in some cases, cause irreparable damage, it pays to be proactive and prepared.
To protect your business, reduce the risk of a cyber attack, and ensure your remote employees have what they need to work safely, implement this three-step approach:
Communicate constantly.
An annual security awareness training might satisfy your compliance needs, but it can’t equip you with the tools you need to communicate the latest in data breaches, phishing scams, and other cyber threats to your employees. To keep your business’ virtual health top of mind, consider supplementing your annual training with an ongoing communication journey. This form of internal communications enables you to reach your employees wherever they are, making it an ideal way to manage cybersecurity communications, including:
- Sharing information about outages and malfunctions as quickly as possible
- Spotlighting examples of current cyber scams, so employees know what to look for
- Educating employees on how to appropriately navigate a virtual workplace
- Ensuring all employees know what to do if they suspect or encounter a cyber threat
A communication journey is not only an ideal way to keep remote employees engaged with your protocol year-round; it’s a great way to harness the organizational agility your business needs to effectively navigate times of change, like a widespread shift to remote work.
Encourage your employees to practice cybersecurity basics.
If techniques like phishing emails were ineffective, cybercriminals wouldn’t still use them. Whether it’s due to the pressure of a crisis or a lack of awareness, it’s crucial you help your employees avoid fundamental missteps when working as part of a virtual team.
Make sure everyone conducts their work on a secure, password-protected home network—not public Wi-Fi or unfamiliar, less secure hotspots. As soon as they’re advised to do so, make sure everyone installs patches and updates, especially to their anti-virus software, on all the devices connected to their home network.
And, encourage employees to be especially vigilant when managing their inboxes, as 91% of cyber attacks begin with a personalized phishing email. Remind your employees to take the following precautions
- Avoid engaging with emails from unrecognized or questionable senders.
Employees can thwart phishing attempts by knowing how to spot a suspicious email address alone, like those that include the name of a familiar person or company but with an unusual variation, like @mail.airbnb.work instead of @Airbnb.com.
- Don’t click on or open suspicious links or attachments.
These are the primary ways malware is introduced to computers and their networks. If you know the sender but aren’t sure a link or attachment is safe, reach out to that person another way to verify that it’s okay to open it. When it doubt, throw it out.
- Use a variety of strong passwords.
Strong passwords are at least 12 characters and a mix of numbers, symbols, and both capital and lowercase letters, and, despite the habit, don’t use the same one for everything.
- Scrutinize any message that makes you feel rushed or pressured to act.
Phishing emails routinely cite issues like a compromised account that requires verification with login credentials, outdated payment information that needs to be updated immediately, and other urgent requests. Determine if the message is asking something reasonable of you. If you’re not sure, as with suspicious links and attachments, contact the sender in another way to verify the request is legitimate or discard it.
- If you identify a scam, report it right away.
This requires everyone at the company to know the appropriate person to contact if they spot a scam, so make sure you’ve shared that contact information and protocol with all your employees.
- Never share personal or financial information via email.
If your employees do reveal any type of sensitive information in this way, ensure they know what steps to take. If they shared a username or password, they should immediately change those credentials on every site where they use them; if they think a scammer has their information, like their social security, credit card, or bank account number, they should go to IdentityTheft.gov and take the specific steps associated with the information they divulged. If an employee clicked on a link or opened an attachment that installed harmful software, they should update their computer’s security software right away and run a scan.
Fortify your cybersecurity measures.
Start with your equipment. Ensure every employee’s laptop has the latest company-provided security software and manufacturer software, properly configured firewalls, and anti-malware.
Then, strengthen your business’ network by doing the following:
- Require multifactor authentication to access areas that house sensitive information.
- Enhance your system monitoring, so you can detect and be alerted about abnormal activity as early as possible.
- Make sure your employees have downloaded the most patched, up-to-date version of your virtual private network, or VPN.
- Devise a recovery plan in case a breach takes place as a result of your employees working from home.
By taking these steps to strengthen your security, you can thwart cyber attacks and better protect your virtual assets.
As cyber crime becomes more sophisticated, so, too, must every business’ cybersecurity. That means implementing a robust communication strategy, equipping cross-functional teams with the tools and information they need to work safely, and constantly improving existing security measures. With this three-pronged approach, companies can face the unfamiliar and unexpected with confidence.
