Working from home is becoming the new normal and it’s assumed that 70 per cent of work will be conducted remotely this year. While there are many benefits to remote work such as fewer employees taking sick days, a 13 per cent increase in productivity, and higher employee satisfaction ratings, there are some major cybersecurity risks that employers should be aware of.
Hackers have realized that a lot of businesses will be operating remotely and that many will be unprepared with weaker security.
If you’ve recently moved your team remote due to COVID-19, take some time to write out a policy to ensure strong cybersecurity. Here is exactly what should go into your remote cybersecurity policy.
Use Secure Wifi for Internet Connection
One of the easiest ways to get hacked is by using unsecured wifi. For example, if you are working at coffee shops or in a library, chances are, the wifi isn’t secure. Sure, public wifi might have a password, but secure wifi should also be encrypted. Encryption means it scrambles the information you send across the internet. This makes it more difficult for hackers to access your personal information.
Most home wifi is secure, though make sure that your employees double-check. If they don’t know how to, send them this resource which walks you through the process step-by-step. In addition, they should ideally have a WPA or WPA2-encrypted router.
Protect Yourself Against Phishing Scams
In just 24 hours, RiskIQ identified nearly 200,000 spam emails infected with malware that was linked to the coronavirus. Some of these emails were even falsely offering COVID-19 testing.
A phishing attack is an attempt to gain access to personal information (credit cards, passwords, etc). Essentially, they will send you an email, or text message with a link to some sort of offering. In the example above, the links appeared to be from the World Health Organization (WHO) and were offering COVID-19 testing.
Instruct your employees to immediately delete any emails from unknown senders. Then contact you or your ICT department immediately if they suspect they have opened a malicious link.
To recover, tell any infected employees to immediately change their passwords. Put a fraud alert on any credit cards that were used and scan your computer for viruses.
Make Backups of all Your Data
Nearly 350 million people have been victims of a cyberattack in the last year. It happens to the best of us and the best thing to do is to protect your data.
Consider using a USB device to store backup data. If an employee does become a victim of a cyberattack, you still have your data. Even if you have the cloud, realize that hackers can get into that data as well.
Use Antivirus Software to Increase Cybersecurity
One of the easiest ways to protect yourself is to use antivirus software. Antivirus software scans web pages, software, and other data for known suspicious patterns. It protects you from Spyware, Ransomware, Trojans, viruses, and other schemes that steal confidential information. The only problem with it is that it can’t recognize new patterns, so it’s very important to keep the information up to date.
Antivirus software is a great way to set yourself up for success, but realize that it only detects about 25 per cent of all malware attacks. Unfortunately, malware isn’t the only kind of attack either. So make sure that you have other lines of cybersecurity as well, such as firewalls.
Antivirus software will protect you from any malicious incoming traffic, whereas firewalls will protect you from internal data.
Check-in with your employees and require them to use trustworthy antivirus software and firewalls.
Use a VPN (Virtual Private Network)
In a traditional office setting, all devices are secured because you can control their connection hardware. With remote working, however, everyone is using different networks. Therefore, you want to make sure you use a VPN as this will secure your team’s internet connection. With end-to-end encryption, your files will be much safer.
Unfortunately, not many people are taking advantage of this. In the past month, only 17 per cent of desktop users accessed a VPN on a desktop and that number dropped to 15 per cent for mobile.
Don’t Download Unknown Software
As we continue to figure out our current remote working situation, many people may be tempted to use alternative video conferencing and instant messaging apps.
This can be very risky for the company. Employees should only use software approved by the company as other software may have weaker security. For example, if someone breaks into your video-conferencing room, he or she could drop a malicious link in the chat, listen quietly to your conversation, and/or steal data.
Require employees to create password-protected meetings only, verify attendees, and check meeting links. If you are the one choosing software, select only from established and trusted vendors, and avoid choosing a cheap option.
Create a Disaster Recovery Plan
Finally, mistakes do happen, and the faster you can resolve them, the less damage will be done. Create a recovery plan and install protocols so that employees know exactly who to call, how to act, and what to do in the event that their computer is attacked.
Create a list of contacts that they can go to in an emergency and encourage them to act swiftly. The faster that they respond, the better off your company will be, so try to instate policies that wouldn’t punish or fire them.
If one employee has been attacked, all employees should know not to accept any emails or messages from his/her account as it may be an attacker attempting to further spread the virus.
Let’s Wrap it Up for Cybersecurity
As we are all going through uncertain times, do your best to make cybersecurity a priority. It’s more important than closing another deal or meeting deadlines as it could be the difference between life and death for your company. For example, one single malware attack could cost up to $2.6 million. After the attack, your customers and clients will likely have a hard time trusting your services again.
Even with these precautions in place, there is still no guarantee that you’ll never be attacked, though you’re in a much better position than those that have nothing. Sit down with your team and emphasize the importance of cybersecurity and what they can do to keep remote working safely.
About the Author
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.