In this new era of social distancing, millions of people all over the world are suddenly working from home. Many organizations were not prepared for this dramatic shift and have rushed solutions into action to support the need. Employees are moving fast, worried about productivity, and faced with numerous distractions, including children home from school, family members working alongside them, and fears and anxieties associated with COVID-19. It’s the perfect opportunity for cyber criminals to break into systems via phishing scams and steal valuable information that they can resell on the black market.
Hackers are unscrupulous. They’re using the crisis to exploit security holes and go after what they perceive as soft targets — small businesses who can’t devote time to addressing cybersecurity and distracted employees working from home. The scams range from phishing emails offering COVID-19 advice and ordering options for desirable products (hand sanitizer, anyone?) to charitable solicitations for bogus virus-related relief funds. Hackers are getting more and more creative, and many people are falling into their traps.
There are several steps leaders can take to mitigate cyber risks, now and into the future. Here are a few questions to ask yourself if you’re not sure where to start:
- Are you mandating password best practices? Do your employees know not to store passwords for websites? Have you implemented multi-factor authentication or need help setting it up and implementing it with your employees?
- Are you confident that company devices are being used for remote work? Employees might prefer to use their personal devices over company assets when they’re working from home, but these devices cannot be protected and monitored in the same way. If personal devices are needed, do you have an acceptable use policy that dictates things like AV/Malware prevention and isolated user IDs?
- Are your employees using virtual private networks (VPNs) for their company-owned devices? Have you educated them on VPNs and provided remote guidance on how to set one up for the home office?
- Have you conducted cybersecurity training? Most employees want to do the right thing, but one wrong click could lead a company down a disastrous path. Too often, companies conduct basic training and then check it off their list. Do you need help ramping up your training efforts to provide ongoing and evolving education to employees?
- Where are you on cyber insurance? If you have a policy, are you being prompted to increase your coverage? Are you receiving solicitations by providers and unsure how to move forward?
- Have you verified your MSP policies? If your managed service provider (MSP) is breached, how would it impact your organization? Are you confident that your information is protected somewhere in the event of a ransomware incident?
Organizations need to be vigilant about cybersecurity to protect not only their assets and reputation, but the individuals and supply chains that rely on their operations. Hartman’s cybersecurity advisors can assess your organization’s existing security policies and procedures as they relate to supporting remote employees. This assessment includes a critical review of business continuity plans, company technologies, device security best practices, and employee security training.
There are many good resources available for leaders. The FBI released information on April 1st with information about COVID-19-related cyberattacks and tips for navigating telework vulnerabilities. SANS Security Awareness, a training company, published their top five tips for working from home securely.
Hartman is here to help you navigate your cybersecurity options during this difficult time and keep your information secure and your company in compliance. Contact us today to learn more about our services and schedule a time to discuss your needs.