Cybersecurity Steps to Build Employee Confidence and Maintain Strong, Secure Boundaries
Cybercriminals see opportunity when people and companies are vulnerable. As hundreds of thousands, maybe millions, of people work from home for the near- or long-term, ensuring that your employees take key cybersecurity protection measures is critical.
As this article was being written, the author received an email that stood out as suspicious. While the From: name was somewhat familiar, it was odd for this outside vendor to be sending her a secure document via email share, and she wasn’t expecting any type of file from their company. Quickly, she took a screenshot and emailed the picture to her boss, who shared it immediately with IT. Luckily, in those few moments, IT’s Advanced Threat Protection had already leaped into action and deleted the email from her Inbox. Smartly, she hadn’t clicked on anything in the email because it looked risky.
In the US so far, there has been a massive uptick in the number of phishing messages, cyber scams, sales of crypto funds and bitcoin, and scam mobile apps. Internationally, there have been reports of in-person scams, including criminals exchanging infected money for fake promissory notes, as well as scammers that pose as donation sources for the WHO and other international organizations.
What Cybersecurity Risks Should Make Your #wfh Employees More Suspicious?
As employees are working remotely on a scale we’ve not seen before, company laptops and networks will be exposed to more significant threats, thereby increasing the organization’s “attack surface.”
These times require a heightened sense of awareness about cybersecurity and reminders that we all remain vigilant.
Biggest Threat? Phishing and Social Engineering Tactics
Just like our writer faced today, scrutinize emails, web sites, and downloads more closely. In our example, it looked like an email from a trusted vendor, but it could have looked like it was coming from human resources or IT personnel.
Some Activities Will Take More Steps to Stay Secure
Conducting your work activities may be different from home. Avoid workarounds that avoid company security protections. For example, stay diligent and avoid using your computing devices for work (including USB keys or non-secure networks or wi-fi) and, vice versa, avoid using your work or client computing devices for personal activities.
Refresh on Company Security Policies and Review Remote Access Policies
Take the time to read and review emails from your IT or cybersecurity departments. They will include important information related to ways you should conduct work from home and interact via Internet connections to company servers, intranets, networks, and cloud services.
Practice Good Cyber Hygiene
- Pay closer attention to the level of privacy needed for the type of information you’re working with from home. This is especially true with a sensitive customer, financial, and corporate information.
- Only use trusted and secured networks, do not use wi-fi networks that do not require a password.
- Log out of any cloud-based program when not in use.
- Follow a strong password policy and consider changing your passwords more frequently; enforce passwords on boot, set inactivity timeouts, and avoid the temptation of putting passwords on sticky notes.
Create Robust Corporate Cybersecurity Practices
- If you are allowing access to email and cloud services from your employee’s device, be sure to enforce similar endpoint security policies for antimalware and firewalls as you do with your corporate devices.
- Consider limiting employees’ ability to store or download and copy data.
- Use virtual machines as another method to provide employee access, which can help maintain a controlled environment while limiting risk to the corporate network.
- Ensure two-factor or multi-factor authentication is set up and consider using an app-based system or hardware token to generate one-time codes to grant authenticated access.
- Stay on top of promptly installing patches and updates and instruct employees to do the same.
Keep Communication Lines Open
Keep cybersecurity top-of-mind as employees shift to working from home through an IT or cybersecurity hub or intranet. Emails from leadership and management can also ensure that employees understand the current environment of risk and demonstrate how to handle them. Phish of the Day emails go a long way to show employees how their attention works. Make sure that you also have the latest emergency contact information in case your company has a security breach or you are unable to reach your employee through company channels. Having a second contact can streamline alerts and communication.
Review, Update and Socialize Your Incident Response Plans
In addition to keeping security a priority, now is the time to prepare for an untimely disruption to business or to respond to a potential data breach or security incident. Increased security risks that come with a deluge of remote work highlights the need to keep plans alive and at the ready.
Ramping Cybersecurity During Work from Home Periods
A thoughtful approach to policies, communication, and education for employees can go a long way to giving them confidence while working from home, along with the knowledge and awareness to protect the organization as your endpoints spread further and wider.
If you’re looking for a cybersecurity firm that stands at the ready to guide your small-to the mid-sized company through the current global storm, CyLumena can help.