With so many people working from home comes an increased risk of cyberattacks and data breaches. Marshfield Insurance Agency shared some tips with OnFocus to help mitigate these risks.
“Employees working remotely can create risks, especially if proper precautions are not taken,” said Nick Arnoldy, owner. “With so many people working from home right now due to COVID-19, it’s important to be more vigilant when accessing and sending information via the Internet.”
When an employee is at the office, their work is often protected by safety standards that keep a company’s network and data secure. An employee working from home may not have the same safety measures in place to protect the organization’s devices and information. Fortunately, there are practical precautions that workers can take.
“To safeguard your business and employees from data breaches, cyber scams and viruses, we recommend a few different strategies,” said Arnoldy. “First, train employees on how to detect and respond to phishing attacks.”
Criminals prey on unfortunate circumstances, seeking to capitalize on victims during times of panic and hardship. For example, cyber criminals have been known to pose as charities and legitimate websites to lure victims into sending money and revealing personal information.
Individuals should scrutinize any emails, texts and social media posts related to COVID-19 and be cautious when clicking any links and attachments.
“Avoid clicking links from unsolicited emails, and be wary of email attachments,” said Arnoldy. “Also, use trusted sources when looking for factual information on COVID-19, such as CDC.gov. Never give out personal or financial information via email, even if the sender seems legitimate. Never respond to emails soliciting personal or financial information. Verify a charity’s authenticity before making any donations.”
Arnoldy also recommends having a virtual private network (VPN) in place and ensure that employees are using it to access company systems and data when working remotely.
“VPNs encrypt internet traffic, which can be particularly useful when your employees are connected to a home or public network,” he said. “Furthermore, it could be beneficial for your company to prohibit employees from accessing company information from public networks altogether.”
Other practical tips include:
• Mandate the use of security and anti-virus software. This software should be up to date and include the latest patches.
• Educate your employees on the kinds of sensitive data they are obligated to protect. This could include confidential business information, trade secrets, intellectual property and personal information. When working with sensitive data, employees should take to the same precautions they would if they were at the office. They should avoid using their personal email for company business and think critically about the documents they are printing at home. If they must print sensitive information, they should shred the document when it is no longer needed. Encrypting sensitive information can also help you protect any data that is stored or sent to remote devices.
• Prohibit employees from sharing their work devices with friends and family members. Doing so reduces risks associated with unauthorized or inadvertent access of company information.
• Have employees update their contact information. That way, if your systems are compromised, you can easily contact your staff and provide the appropriate updates and instructions.
• Create and communicate a system that employees can use to report lost or stolen equipment. This will help your IT department respond quickly and mitigate potential data loss threats.
• Require two-factor authentication for all company passwords. Two-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks and servers. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand.
• Consider security precautions for mobile devices. Proper phone security is just as important as a well-protected computer network. A smartphone could grant access to any number of applications, emails and stored passwords. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving more traditional computer systems.
“For additional protection, employers should consider backing up data and bolstering network protections as best as they can,” said Arnoldy. “For more cyber security guidance, feel free to contact us!”
-Tips provided by Zywave