Keeping Your Cybersecurity Strong, Despite Remote Work
As Many Organizations Are Forced to Embrace Remote Work, They Realize the Complications of Transitioning to Working from Home on Short Notice – Most Notably, Staying Safe Against Cybercrime…
When organizations don’t plan for remote work, various challenges can come up – from less productivity to more social isolation between co-workers. But the biggest challenge of all has become apparent over the past few weeks: cybercrime. Why? Because cybercriminals know everyone is working remotely without much notice to plan in terms of staying safe. They’re launching phishing attacks, phony domains, and other threats designed to:
- Convince people to divulge sensitive information
- Drain bank accounts or trick people into sending wire transfers
- Infiltrate home networks to gain access to corporate resources
While many organizations have planned for cybersecurity in the office, we’re no longer working from that environment. Instead, many of us are working from home – connecting to corporate resources from our own devices.
Don’t Be Mislead Into Believing Remote Work Isn’t a Good Option. It’s a Great Option When Planned Out Ahead of Time…
As organizations are forced to embrace remote work, and various challenges come up, it’s easy to start believing that remote work simply isn’t a good option. But there are quite a few benefits to working remotely, especially when it’s planned out ahead of time. Recent studies from some of the world’s leading research institutions have highlighted how powerful remote work can indeed be:
- Productivity is increased by an average of 35-40% for workers that work from home as opposed to working in the office.
- Employee retention is improved, as 54% of employees say they would happily change their jobs for a more flexible opportunity.
- Profitability is increased with businesses saving approximately $11,000 per year, per part-time remote employee.
So how do you create a remote work strategy that ensures your employees stay safe against threats that could otherwise pose a risk to your organization?
Talk to Your Remote Workers About Their Devices Ahead of Time…
If you’ve already started working remotely, it’s not too late. Make sure you’re having a discussion with your employees about their devices. If they’re using outdated, antiquated computers or an unsupported operating system, they’re likely riddled with vulnerabilities that make it easy for cybercriminals to exploit. We recommend the following:
- Ask for specifications on devices: You should be aware of the type of device they’re using, how old it is, and what operating system they’re running. Do some research to make sure they’re using a new enough, current device. If you’re not sure, reach out to us and ask.
- Review the signs of infection: Your remote workers should be aware of the symptoms of infection. Many home computers are already infected with some form of malware, so it’s best to catch it early. Tell them to look for slow performance, new programs suddenly installed, and strange pop-ups on the screen.
- Provide a corporate-owned device if needed: If you determine that someone’s device is outdated or they’re already showing signs of infection, it’s best to upgrade their device with a corporate-owned device. Naturally, this corporate-owned device should come with a policy that requires them to avoid personal use.
- Talk about password best practices: In the office, you were likely already talking about password best practices with your team. But make sure they’re aware that those best practices should continue to be followed at home. This means a robust and unique password for each account used.
Remember, It’s Fairly Typical to Let Your Guard Down at Home… Here are Our Tips for Keeping Remote Workers Secure.
Unfortunately, the majority of people will let their guard down at home, and right now, we’re all facing a certain degree of uncertainty and fear given the current circumstances. Cybercriminals are taking advantage of this uncertainty and fear – launching coronavirus-related attacks in the form of:
- Phishing emails that claim to be from the WHO, CDC, or other governmental agency offering advice, guidance, or information on a cure.
- Phony websites that claim to be offering downloads for remote access tools, collaboration software, and other programs for working from home.
The FBI has issued alerts regarding various scams related to a range of topics. Share the following with your remote workers:
- Alert Regarding Medical Supply Scams
- Alert Regarding Healthcare Fraud
- Alert Regarding Cryptocurrency Scams
Here are our top tips for keeping your remote workers, and in turn, your corporate resources safe during this challenging time:
Create a Remote Work Policy:
Remote workers are using various devices on their network, which means they’re at a higher risk than they would be in the office. A remote work policy should enforce strict security protocols in regards to accessing systems, data, and applications. Make sure your remote work policy addresses:
- Minimum acceptable specifications for devices.
- Password best practices.
- Acceptable cloud and/or remote access tools.
- Mandated usage of multi-factor authentication and/or encryption
Provide the Necessary Security Tools:
If you haven’t already, provide the necessary security tools for each remote worker, including anti-virus software, spam filtering, multi-factor authentication, single sign-on capabilities, and more. Licenses should be purchased and provided to employees for use at home.
Use an Enterprise-Grade Collaboration Platform:
When choosing a collaboration platform to allow for simplified file sharing, video conferencing, and other features, make sure you’re using an enterprise-grade platform. While there are many great free options out there, it’s best to use something that’s known for its high level of security. Microsoft Teams, for instance, is an excellent option as it enables anytime, anywhere collaboration while ensuring security is built into the platform with:
- Automatic encryption of data in transit and at rest
- Secure guest access
- Multi-factor authentication
- Single-sign on (SSO)
- And much more
Review the Signs of a Phishing Attack:
Right now, phishing attacks have increased drastically as cybercriminals use the coronavirus pandemic to their advantage. Talk to your team about the signs of a phishing attack, so they’re not caught off-guard. Here are the signs of a phishing attack everyone should be aware of:
- Spelling and/or grammar errors: Legitimate organizations are careful with proofing and edition while cybercriminals are not.
- Urgent action required: If an email seems to include a sense of urgency, such as “act now or we’ll terminate your account,” it’s likely a scam.
- Slight changes to the address: Pay attention to all email domains and website URLs to spot any slight differences from the legitimate organization.
HRCT is here to help. Reach out to us via the chat box or give us a call if you need a hand keeping your remote workers secure against cybercrime.