By Brad Atkin, CPA, CISA, CITP – Shareholder, IT Advisory and Security Group

After almost a year of the COVID-19 pandemic forcing its way into our lives, an unprecedented number of employees have seen a familiar environment become their workspace: their homes. Work is now completed over home internet service providers (ISPs) via unsecured routers, nosy building neighbors listen in on private business calls containing sensitive information and partners may share a machine while working for a different company. While there’s no place like home, there’s also no place easier to attract cyberthreats.

Every day, more and more new security threats surface. Hackers use age-old tactics such as phishing emails while developing new COVID-19-related scams, preying on our need to buy supplies, read the latest news and learn how to recover from the virus if we catch it. For example, a recent scam included hackers developing an app posing as the World Health Organization (WHO). Anyone could easily mistake the app for a genuine one, and if downloaded, the application steals sensitive information right from your phone. Old-school security measures such as firewalls may have historically worked to stop these cyberthreats, but hackers are getting smarter each day. This means that in order to have your staff work entirely remotely, it’s time to rethink how to approach cybersecurity in 2020.

How Employees Can Prevent Cyberthreats at Home

It’s nearly impossible to completely eliminate cyberthreats, which is fine since all threats are not equally detrimental or likely to occur. However, informing your employees of immediate steps they can take now to prevent the most harmful cyberattacks is the difference between a successful remote workforce and a vulnerable one. Here are some tips to share with your workforce to prevent irreparable and expensive data breaches:

  • Use great caution upon receiving suspicious emails. Do they know the sender? Does the message itself look like spam? Advise your employees to delete and report any phishing attempts.
  • Keep passwords strong. It is recommended to use at least 8 characters (including special characters such as !, @, #, etc.) and to swap for a new password frequently.
  • Frequently restart devices. This allows for antivirus software to update regularly and prevent missing any needed fixes that would otherwise leave their devices vulnerable.
  • Keep work data private. Advise your employees to shut their laptops off outside of work hours and to keep an eye on any roommates or family peeking at their screens.

What Employers Can Do to Help

The best offense against cyberattacks is a good defense, and that starts with you as the employer doing your due diligence to protect your organization from data breaches. Here are a few things you can do to set your employees and, in turn, your business, up for success:

  1. Provide laptops with necessary antivirus software to all employees working remotely, if possible.
  2. Require each employee working remotely to attend regular cybersecurity safety training, as the threats today will differ a month from now.
  3. Require multifactor authentication wherever possible, ensuring employees confirm their identity via their phones before accessing sensitive files.  
  4. Offer an encrypted VPN connection for employees to use when accessing secure information.
  5. Create a company email for employees to report potential cyberattack incidents.

Start the Conversation

Unfortunately, cyberattacks have been around for decades and they will continue to be a large part of an organizations’ data security concerns. Cybercriminals continue to adapt to new challenges and create innovative scams that are becoming more and more difficult to distinguish. However, cyberattacks create an opportunity for businesses to raise awareness about data breaches to employees and create a company-wide plan of defense.

If you are concerned about potential cyberthreats to your remotely working organization, contact us today to learn more about our CYBERCLAW suite of IT solutions to safeguard your data and minimize your overall cybersecurity risk profile.