As the COVID-19 pandemic has changed how most industries are conducting business, one of the biggest challenges is the transition to working from home. Many people are using their personal devices for work, often on an unsecured or less secure internet connection than they have in the office. Between the changes in our work devices and the large influx of pandemic related news, there are many emerging vulnerabilities in companies’ data security landscapes.
These new circumstances can leave your firm’s and your clients’ information open to hackers and cybersecurity breaches. By one metric, COVID-19 related phishing attacks increased by over 30% in the last three weeks.
Cybercriminals are using new tactics like mobile apps claiming to track COVID-19 cases that actually contain ransomware. This can be disastrous for a firm if downloaded to an employee’s cellphone that is logged into company email, for example.
Below are six ways your firm can help protect employee, client, and company information from these and other new cybersecurity risks:
1. Secure Network: Use a virtual private network (“VPN”) for devices accessing company information. Using VPN reroutes internet connections through a separate server, making a device’s security more difficult to compromise. Check with employees to ensure their home routers are secure by:
- Updating router passwords from the default password to a strong password;
- Restricting inbound and outbound traffic using the highest level of encryption; and
- Installing firmware updates.
2. Red Flag Training: Train employees on how to avoid phishing scams. Phishing scams rely on social engineering and other tactics to “trick” victims into clicking malicious links, sending money to fraudsters, or other potentially compromising actions.
3. Access Control: Establish and adopt a change management process if you do not have one in place. A thorough change management program can help track employees’ data access rights and other organizational adjustments. Tracking employee access to sensitive information can help mitigate risk; the fewer people who have access to company data, the fewer chances there are for data theft or a security breach.
4. Awareness: Stay up to date on emerging scam trends and methods. Cybercriminals will use any opportunity to convince unsuspecting users to provide access to your company’s network. There are many reliable online resources that report data and information on new scams.
5. Physical security: Physical security is just as important when working from home as it is in the office. Ensure employees know to secure electronic devices containing company data when not in use by the employee. If hardcopy documents are printed, the documents should be shredded using the same standards required in the office, or remain secured until the employee returns the documents to the office.
6. Check on Your Key Vendors: Conduct due diligence on key vendors who have access to or store sensitive data. Engaging in a meaningful due diligence process can uncover if a vendor has a history of data security issues; confirm the steps they are taking to decrease risk in their organization.
WHAT DOES THIS MEAN FOR ME?
Many companies plan to continue requiring or permitting employees work from home for the foreseeable future. This means cybersecurity risks will continue to expand to target individuals working remotely. The best way to protect data is to provide employees with the right technological tools and robust training.
If your firm is seeking assistance with cybersecurity planning, employee training, vendor management, or other services to support its work-from-home program, Fairview Cyber can assist. Reach out to Fairview for more information about how we can help keep your data secure in the COVID-19 era.