The remote work or work-from-home business model is here to stay. Just consider these statistics:
- Companies that embrace remote work have 25% less turnover than those that don’t;
- In the past decade remote working has increased by 115%;
- 86% of employees feel that remote working reduces stress;
- People who work remotely half of the time save 11 days’ worth of commuting time every year; and
- Telecommuting reduces greenhouse gas emissions by an amount equivalent to 600,000 vehicles.
These are some pretty compelling reasons to embrace remote working. While working from home is convenient and has many benefits, it also exposes individuals and businesses to a number of cybersecurity risks. Whether employees are connecting to networks from the office, from home, or from their local coffee shop, businesses need to plan for the risks of cyberattacks (such as data loss and leakage) and work to mitigate them. Networks with a centrally managed corporate network and remote workers present unique security challenges.
With the holiday season right around the corner, there are heightened cyber risks that come along with the season. Between the increased online shopping and potential travel plans, cybercriminals see the holiday season as a major prospective payday. Here we review some general strategies for addressing holiday cybersecurity this season.
Remote Work Cybersecurity Strategies
To keep information safe, business owners need to educate their employees on how to manage network security, work securely, and prevent the migration of home vulnerabilities to the office. It is also important that employees and employers receive a basic level of cybersecurity training so that they understand the implications of their actions. Cybersecurity executives and professionals aren’t the only ones who need to know how to deal with cyber attacks.
This new way of working expands the potential of cybersecurity threats with new vulnerabilities surrounding every employee whether working from home or at a local coffee shop. Here are five strategies to mitigate any security risks associated with remote working vulnerabilities:
- Experts recommend that telecommuters use a secure VPN to provide end-to-end encryption. For organizations that allow access to email and cloud services from an employee’s personal device, it is recommended to apply the same endpoint security rules for antivirus software and custom firewalls as for employer-managed devices.
- Empower employees to address the security of their home networks. Personal computers are an easy way for attackers to gain access to networks. Ensure employees have passwords to home routers and the proper firewalls in place to decrease the chances of an attack.
- Implement policies that require employees to change their various device and application passwords frequently, ideally at least every three months. Passwords should be complex with specific character requirements, and not of the ‘123456’ variety.
- Be selective about what software and applications are allowable, and ensure that employees know not to install unapproved applications.
- In the event that a cyberattack does happen on a staff members’ home system, ensure that employees know to report it immediately
E-Commerce Cybersecurity Strategies
Online shopping and the holidays go hand in hand. Heck, there is even a day specifically for e-commerce transactions (Cyber Monday, which falls on the Monday following Thanksgiving). It is safe for organizations to assume that their employees will be indulging in some online shopping during the holiday season, and they should plan accordingly by instructing their staff to ensure that all internet-connected devices ‒ including PCs, smartphones, and tablets ‒ are free from malware and infections by running only the most current versions of software, web browsers, and other apps. Employees should be mindful of the e-commerce sites they are visiting by shopping only on sites that use SSL protection. The easiest way to tell whether a site uses SSL protection is to check the browser’s address bar for HTTPS in the URL. Sites without the ‘s’ in HTTP are not safe to submit payment information or other personal details and should be avoided at all costs.
Employees should also be encouraged to regularly monitor their accounts, check their online financial accounts regularly for suspicious spending, and to take advantage of text and email alerting services that many banks and credit card companies now offer.
Identity Theft Cybersecurity Strategies
Identity theft, also known as identity fraud, is a crime in which an attacker obtains key personally identifiable information, such as social security numbers or driver’s license, in order to impersonate another person. Identity theft has taken on a new lease of life in the digital age, and our data has become a valuable asset that can be monetized and used to engage in fraudulent activities.
The best way for employees to protect themselves from identity theft is to be diligent about not sharing personal information and shredding sensitive documentation as needed. Creating, and regularly updating, long and unique passwords for all accounts and using multi-factor authentication wherever possible are also strong tactics for mitigating the risk of identity theft.
Phishing Cybersecurity Strategies
With the expansion of telecommuting, vulnerabilities have increased as more devices are being introduced into corporate data ecosystems and new phishing schemes have been introduced. The FBI reports that phishing was the most common type of cybercrime in 2020 with the number of incidents reported doubling between 2019 and 2020. ‘Think before you click’ is a mantra that should be adopted and regularly repeated by all organizations.
Cybercriminals have really stepped up their phishing game in recent years. The FBI recently shared this list of the top ten most common phishing email subject lines from last year:
- IT: Annual Asset Inventory
- Changes to your health benefits
- Twitter: Security alert: new or unusual Twitter login
- Amazon: Action Required | Your Amazon Prime Membership has been declined
- Zoom: Scheduled Meeting Error
- Google Pay: Payment sent
- Stimulus Cancellation Request Approved
- Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
- RingCentral is coming!
- Workday: Reminder: Important Security Upgrade Required
It’s easy to see how employees could be taken in, which is why it is critical to provide regular security training for your employees so that they understand and be able to spot phishing scams, malware, and social engineering threats. In addition to conducting phishing awareness courses, organizations can conduct mock phishing drills to keep employees alert and only click on links they trust. Ensuring your employees are educated in the ways to identify phishing attempts will go far towards keeping your networks and data safe and secure.
Ensure Your Stress-Free Holiday Season
While it is a magical time of year, the holiday season can also come along with it’s share of stresses. Between the jam-packed social calendar, family commitments, working hard to pick out the perfect gifts, and the general busyness of the season, there are plenty of things to add stress without piling on cybersecurity-induced stress.
Wondering if your company is safe and primed to survive the holiday season cyber safe? Versa Trust has been serving Texas businesses for over 25 years and can give your organization the peace of mind it so richly deserves this holiday season. Their suite of security services will protect your data, save you money, and keep your organization cyber safe. Connect with them today for a no-obligation risk assessment.