With more employees working remotely from home during this difficult time, your Company’s data is at an even greater risk. Cyber thieves are exploiting the already unstable work environment to target your business and your data because your data is more vulnerable than it has ever been before. For this reason, Hightower Risk and our partner Data Security University is helping you defend your organizations network
and critical data through these “3 Cybersecurity Must-Do’s!”
1) Remote Work MUST Equal Secure and Private Work: Where possible, organizations should see that employees have company-issued computers and devices when working remotely as BYOD policies have inherent security issues. According to Lifewire, two-thirds of BYOD users admit not being part of a company BYOD policy, and a quarter of all BYOD policy, and a quarter of all BYOD users have been a victim of malware and hacking.
Employee remote network systems need to be up-to-date with the latest software patches, anti-virus, antimalware and security updates.
In working from home, employees are not to receive anything other than the same limited access privileges from home that they have in the office. Additionally, employees should be reminded to stay away from using public Wi-Fi, and to see that their phone and other company device settings do not auto-connect to public Wi-Fi.
It is critical that employees not intermingle their company and personal computers. Employees are not to use their work computers for personal use and must avoid saving sensitive work data to their personal computer. Companies also need to recognize that Virtual Private Networks (VPNs) do not protect remote employees’ devices, where the data itself lives. If a hacker accesses an employee’s device, the data can be used to access the employer’s network and servers. *It is also a good time for a company’s IT resources to stress test VPN’s to prevent them from being overloaded given the increased volume of users.
2) Cyber Security Technology MUST be Upgraded: Employers should see that their employees take advantage of cyber security best practices technology such as utilizing multi-factor authentication (MFA),
laptops/desktops, tablets and smart-phones are upgraded to the latest OS version from the manufacturer, and home networks are firewalled, and encrypted.
3). Employee’s MUST become your Company’s Human Firewall: As Cybercriminals know, employees working from home tend to be more relaxed, they are stepping up their efforts to trick employees through phishing, fake websites, and other business email compromise schemes. There have already been too many examples of employees working from home being lured by COVID -19 themed messages appearing to be from reputable Health Organizations, asking them to click on links and attachments designed to infect their computers with malware.
Also, be aware of what is known as Business Email Compromise (BEC). BEC is a cybercrime that occurs when a threat actor gains control of a business email account and impersonates the executive or employee who uses that account. A common ploy involves a cybercriminal sending falsified instructions through a hacked company email directly to an employee to make a wire transfer (instead of sending a check) due to a COVID-19 closure of physical premises.
YOU MUST STAY VIGILANT: it is critical for all employees to apply the type of cyber hygiene practices referenced above while staying vigilant! Employees need to question anything unusual while verifying the intent and legitimacy of all electronic communications. In this extraordinary time where companies are particularly vulnerable while transitioning to “work from home”, organizations must be particularly cautious in protecting themselves from any further damage to their financial stability.