With the COVID-19 pandemic, more and more employees have had to work from home, creating new cybersecurity challenges for businesses. Some workers will have to relearn everything about cybersecurity because they must keep their work documents and email secure even on their home network.
Businesses in the financial services industry should be especially mindful about cybersecurity, as should any company that handles sensitive customer data. Other businesses would also do well to keep these things in mind because they probably handle more data on a daily basis than they realize.
Where data is being shared over the cloud all the time because employees are working from home, the potential for leaks and breaches increases exponentially.
Cybersecurity at work: the numbers
Mimecast commissioned a global survey of IT decision makers to get a better understanding of the common cybersecurity challenges among businesses. The survey found that 51% of respondents have been impacted by ransomware in the last 12 months.
Seventy-seven percent of respondents believe weak passwords could be a serious mistake for their employees, and 58% have seen phishing attacks on their companies increase. The survey also found that 55% of the businesses that responded did not provide awareness training frequently, while 82% experienced downtime from a cyberattack.
If there was ever a time for cybersecurity awareness training, this would be the time as employees now have to manage their own networks while keeping their work accounts and documents safe. Cyberattacks can spread from one employee to another within a business, and 60% of respondents said that's exactly what happened to their companies.
The risks of working from home
The first step in preventing cybersecurity breaches is understanding all the risks involved in having employees work from home. Perhaps the most obvious risk but also the least understood one is Wi-Fi security.
The problem here is that IT managers can't visit each employee's home individually to configure their Wi-Fi network. Most home Wi-Fi networks use WEP instead of WPA-2, which is more secure than WEP. Hackers can more easily get into networks that aren't secured.
Phishing scams are also a risk, but hopefully employees have learned about this one while working at the office. This is one risk that essentially stays the same no matter where you work, although the attacks may look a little bit different now that employees are working from home.
The key is to spot a phishing attempt and avoid it. One new problem with phishing scams is that hackers have been using the coronavirus pandemic in their emails to try to convince people to click links and install their malware, adware or viruses.
Here are some other tips to help you protect your company's data and your employees.
Use a VPN
Many businesses have turned to virtual private networks (VPNs) to secure their employees' network and avoid all the security problems that come with home Wi-Fi networks. However, not all VPNs are the same, so it's important to understand the differences when it comes time to choose one to use.
Some experts argue against the use of legacy VPNs, which are hardware-based. The problem is that not only are home Wi-Fi networks insecure, but they may already be infected with malware, which could then infect the VPN. Hardware-based VPNs are also more difficult to implement, so it may be difficult for employees who aren't especially tech-savvy.
On the other hand, cloud-based VPNs are scalable and can more effectively secure remote access to company servers. Additionally, IT managers can more easily configure them and make changes to the VPN over the cloud.
One problem business owners should keep in mind when selecting a VPN for their employees to use while working from home is the fact that many apps that provide VPNs are not actually secure.
Vet tools and require employees to use only company-provided equipment.
When working from home, there might be a greater tendency to use unsecured or shared devices as well. The best way for business owners to handle this threat is to require that employees use company-owned devices only for work and not to use them for other tasks.
Business owners should also ensure that they remain in close contact with their employees throughout the workday. This may involve the use of a messaging platform, and businesses should choose one that utilizes end-to-end encryption, so they are doubly protected by using it over the VPN.
It's important to vet whatever tools you use for your business and remind employees not to improvise by employing other tools that haven't been tested to make sure they are secure. Business owners should also develop policies and procedures for working from home if they haven't done so yet.
Such policies should include requirements like using only company-owned and provided equipment such as laptops or mobile devices. The policies should also require employees to use the company-provided VPN. Not only should they use the VPN, but they should also use the VPN only for work and not for entertainment or other home uses.
Keep software and equipment updated
When everyone is working at the office, it's easy for IT workers to go around and make sure everyone's computer and other devices receive all the necessary updates and security patches. However, this practice is eliminated when employees are working from home.
IT managers should ensure that all company-provided computers are set to update automatically so the employee doesn't have to remember to check for updates. They should also make sure the update process is seamless so there is less fuss for employees who aren't very tech-savvy.
Employees must understand how important it is to install security patches and updates as soon as they become available. Some will already grasp this fact because they do an excellent job of keeping their own devices updated, but business owners should watch out for those who tend to put off updates, either because they don't understand how important they are or just because they tend to procrastinate.
Educate your employees
Finally, business owners and IT managers should take the time to educate employees about cybersecurity and protecting company data while they work from home. Working remotely places more of the burden for cybersecurity on employees.
Further, they have less help from the IT department because they aren't working in the office. Since employees are the first line of defense when working at home, it's important that they understand the basics of how to keep company data safe and know when they need more help from the IT department.
If you haven't already, you should schedule a virtual training session with employees to teach them about using the VPN and other encrypted tools your business provides. It may be a good idea to hold regular training sessions to ensure that hardware is updated regularly, and employees stay up to date on all the latest cybersecurity threats.
The coronavirus has changed much about the world, including the way we work and where we work. It has not only made things more difficult for businesses with employees who are working remotely but also increased the cybersecurity risks associated with many jobs.
Hopefully by now, business owners have established firm policies and procedures for working from home, but for those who haven't done so, it isn't too late.
Lead image from Bermix Studio via Upsplash