The COVID-19 pandemic has strengthened teleworking as a new operational standard. Employers should expect this trend to only grow in the future. In fact, many large companies, such as Twitter and Microsoft, have stated that teleworking will be an indefinite option for their employees.
While this is exciting in many ways, teleworking also comes with unique challenges – namely cybersecurity. This article discusses some cyber security risks faced by remote employees and offers potential solutions.
Hackers have been attacking companies since the first computer was invented and always tried new methods to obtain critical information. Depending on the size of the organization, it can get dozens or thousands of hacking attempts every day. These attempts are usually brushed by IT security teams and firewalls. But with employees working from home, these protections are not as guaranteed.
The following are some of the most common cyber threats that individuals face:
- Phishing and phishing: Phishing is an attempt to obtain personal information, such as computer passwords, social security numbers or other data. Hackers and fraudsters will be a legitimate company and send fake emails to request this information, usually with a false threat. Vishing, or voice fishing, takes this process a step further. This is when a fraudster spoofs a legitimate phone number (from the organization or otherwise) and poses as an IT helpdesk and uses that alias to obtain personal information. These calls can even be routed to personal cell phones, making it harder for organizations to capture. Vishing attempts are a new trend, but are becoming more common. Employers should review existing cybersecurity policies to address vishing directly.
- Malware : Malware is a type of computer virus that is usually disguised as an innocent program, e-mail attachment or link. These viruses infect computers and can do any number of tasks, usually hidden from the user. For example, they can store password data, track website activity or download personal files.
- Brute force attacks : Brute force attacks are when hackers try to log into someone's account many, many times. These attempts usually work when individuals reuse usernames and passwords across different accounts. A hacker can expose the information to an account and then use that information anywhere they can think of and eventually gain access.
These cyber threats are exacerbated when employees work from home, especially if they operate on personal devices or do not connect to a secure network. This is why it is important for employers to proactively deal with cyber threats with their remote employees.
There is no single solution to avoid cyber security threats. But there are important steps that organizations can take to protect their employees and critical data. Below are some of them.
- Behavioral Analysis Tracking Software : This is software that monitors each individual's computer habits. Because hackers can impersonate an employee, it is difficult to detect when someone's credentials have been compromised. With analytics tracking software, the program could detect when a user shows abnormal computer use. This depends on the individual, but it may include accessing certain files or transferring large chunks of data.
- Automated Threat Detection Software : This software is like antivirus software found on many computers by default. It can scan files and detect malicious programs automatically. Automated threat detection software is often combined with other efforts, such as behavioral analysis.
- Comprehensive guidelines for work from home : Using personal devices to do business is an easy way to compromise on usernames and passwords. Employers should establish clear guidelines for acceptable technology to use (often a laptop) and workplaces. For example, cafes may be off-limits because they often have unprotected networks.
- Employee Education : Education and training are perhaps the best protection against cyber threats. Employees should know basic cybersecurity tactics, such as how to detect a phishing email, how to detect a scam, and how to report a potential security breach. They should also be instructed not to reuse login information, especially between work accounts and personal accounts.
Employee training is especially important as hackers and fraudsters become more sophisticated every week. Employers should keep track of new scams and warn employees when necessary.
As with all successful initiatives, cybersecurity protocols must be followed by all stakeholders within an organization. It involves educating everyone, from top to bottom, about how to protect themselves and their workplace from cyber threats. If even a few people go without proper training, the entire organization can be jeopardized.
As business becomes more interconnected, cyber threats will become more sophisticated and common. Start educating cybersecurity employees today to better protect your organization.
Contact CoverLink Insurance for more information on protecting your business' best interests and planning for continuity and growth.