With many companies sending their employees to work from home as the COVID-19 pandemic rages, new security challenges have cropped up. Employers and employees alike have to be extra vigilant about security and privacy when working from home, and the COVID-19 crisis has spurred an unprecedented social engineering attack of historic proportions, according to Computer Weekly.
Indeed, hackers and cybercriminals aren’t going to let this crisis pass them by without doing their utmost to exploit it, and that’s true whether you’re a Fortune 500 company or a Mom-and-Pop outfit, or something in between. You may be scrambling to adjust to a new normal in which all or most of your employees are working from home in suboptimal conditions, but now is not the time to let your digital guard down. Make the most of the resources at your disposal, be proactive against threats, and train your employees to recognize phishing attacks and other threats.
Educate Your Employees
If you only do one thing to protect your business from cyber threats during this pandemic, you should educate your employees to recognize malware, phishing attacks, and malicious apps so they can avoid them. Many companies are issuing laptops, smartphones, tablets, and other devices to employees to use while they work from home during COVID-19, but just because your employees might be using company devices to do their work doesn’t mean they’re safe from COVID-19-related scams.
Phishing scams and other social engineering attacks are ramping up right now — Google reports seeing more than 18 million COVID-19-related phishing emails per day as scammers attempt to capitalize on the fear and uncertainty many are feeling during this pandemic. Some of those emails are bound to end up in your company’s inboxes. Train employees on internet advisor’s security best practices, including how to recognize suspicious emails and what to do with them. Don’t make the mistake of thinking that a single training will do the trick, either. Perform regular, repeated training sessions to pound the lesson in. Online security training is especially viable at a time when many are working from home.
Employees working from home are likely to use their home internet connections, and you don’t know how secure those connections might be. As some states and cities loosen restrictions and lift stay-at-home orders, cooped-up employees may even choose to go out and use a public wifi connection.
Whether they’re using their own home internet connections or hopping onto public hotspots, your company’s data could be at risk. You don’t know who might have access to your employees’ many home networks, or what nefarious third parties might be tracking your employees’ activity online. Have employees use a virtual private network (VPN) to connect to company servers, and protect your data from prying eyes.
You obviously need to keep track of any devices issued to employees for home use, but you should also keep tabs on how employees are accessing and using data outside the office. If you have a bring-your-own-device (BYOD) policy without clear and strict guidelines for using those devices securely, now is the time to shore up those policies, or nix the BYOD policy altogether — devices that your company owns are more secure, and you can better track how employees use the devices as well as your company data. Weekly security check-ins can help ensure that employees are installing software updates and completing training modules.
Employees should be using strong antivirus and anti-malware protection on any devices and any networks they use to do work remotely. You need to prioritize advanced network security solutions at this time, both in and out of the office. In addition to real-time threat detection, you need a solution to apply software patches and monitor remote network access points for suspicious activity.
Use the Cloud
Are employees backing up their work? Have employees work within a secure cloud environment to ensure that data remains safe even if a device gets hacked or simply breaks. Steer clear of public cloud storage options, which have been showing the strain of increased use as of late. If you can afford it, choose an enterprise-level, secure cloud solution.
COVID-19 has already brought significant changes to the employment landscape, and if predictions are true, the pandemic is only just beginning. Many employees at the largest, wealthiest companies have already been told to work from home for the next several months, and even small companies will have to work to minimize the spread of the virus by asking employees to work remotely when possible. Make sure your data is as safe as your workforce — make cybersecurity during COVID-19 a top priority.