With more employees working remotely, company data is at an even greater risk. Cyber thieves are exploiting the already unstable work environment to target businesses because data is more vulnerable than it has ever been before. Bluefin’s partner, Data Security University, has compiled “3 Cybersecurity Must-Do’s” to help organizations defend their network and data through these critical times.
1) Remote Work MUST Equal Secure and Private Work
- Whenever possible, organizations should ensure that their employees have company-issued computers and devices when working remotely as Bring Your Own Device (BYOD) policies have inherent security issues. According to Lifewire, two-thirds of BYOD users admit not being part of a company BYOD policy, and a quarter of all BYOD users have been a victim of malware and hacking.
- Employee remote network systems need to be up-to-date with the latest software patches, anti-virus, anti-malware and security updates.
- When working from home, employees should receive only the same limited access privileges that they have in the office. Additionally, employees should be reminded to avoid public Wi-Fi, and to make sure that their phone and other company device settings do not auto-connect to public Wi-Fi.
- It is critical that employees not intermingle their company and personal computers. Employees should not use their work computers for personal use and must avoid saving sensitive work data to their personal computer.
- Companies also need to recognize that Virtual Private Networks (VPNs) do not protect remote employees’ devices, where the data itself lives. If a hacker accesses an employee’s device, the data can be used to access the employer’s network and servers. *It is also a good time for a company’s IT resources to stress-test VPNs to prevent them from being overloaded given the increased volume of users.*
2) Cyber Security Technology MUST be Upgraded
Organizations must ensure that their employees take advantage of cybersecurity best-practice technology, including:
- Utilizing multi-factor authentication (MFA)
- Upgrading laptops/desktops, tablets and smart-phones to the latest OS version from the manufacturer
- Ensuring that home networks are firewalled and encrypted.
3) Employees MUST Become Your Company’s Human Firewall
Cybercriminals know that employees working from home tend to be more relaxed. As a result, these criminals are stepping up their efforts to trick employees through phishing, fake websites, and other business email compromise schemes. There have already been too many examples of employees working from home being lured by COVID-19 themed messages that appear to be from reputable health organizations and ask them to click on links and attachments designed to infect their computers with malware.
Also, be aware of what is known as Business Email Compromise (BEC). BEC is a cybercrime that occurs when a threat actor gains control of a business email account and impersonates the executive or employee who uses that account. A common ploy involves a cybercriminal sending falsified instructions through a hacked company email directly to an employee to make a wire transfer (instead of sending a check) due to a COVID-19 closure of physical premises.
In summary…
YOU MUST STAY VIGILANT: It is critical for all employees to apply the type of cyber hygiene practices referenced above while staying vigilant! Employees need to question anything unusual and verify the intent and legitimacy of all electronic communications. In this extraordinary time, when companies are particularly vulnerable while transitioning to “work from home”, organizations must be particularly cautious in protecting themselves from any further damage to their financial stability.
The mission of DSU is to demystify the regulatory and contractual obligations of small and medium-sized businesses (SMBs) to comply with data security standards including NIST, PCI-DSS, GDPR & CCPA. DSU’s products deliver interactive education while assessing an organization’s security vulnerabilities and providing a tailored action plan for data protection. Companies are able to leverage Data Security University’s CyberSecurity, PCI & GDPR assessment tools to benefit from the platform’s back-end big data analytics while marketing their own related security products and services. Learn more at https://datasecurityu.com/.