In the first weeks and months of the COVID-19 pandemic, the World Health Organization (WHO) reported a dramatic fivefold increase in the number of cyber attacks directed at its staff. It also warned the public to beware of the rampant cyber attacks and phishing scams that attempt to take advantage of pandemic panic.
Many other businesses and organizations are facing the barrage of these increased attacks, but because of the necessity of remote work, they are confronting these cyber threats with weakened out-of-office cybersecurity measures.
So, as many businesses look to make remote work a more permanent solution, one of the most important things they need to do is to protect their digital systems, assets, and communications.
Part of that depends on equipment and policies that your company leadership puts in place, but a large part also depends on the actions of your employees. Here are cybersecurity practices that every remote team member should be following to keep your systems secure.
Give Your Team the Right Tools and Processes
Before your employees can do their part in upholding cybersecurity practices, you need to equip them with the tools to do so.
Whether you are providing your remote team with devices to work on or you have a bring-your-own-device policy, your employees will be accessing your business’s information and systems. To keep these assets secure, every employee should be equipped with basic security tools, including firewalls, anti-malware, email protection, and data backups.
You may also want to provide your team with a virtual private network (VPN), which creates a secure, encrypted network that can be accessed remotely.
Working with an experienced Managed Service Provider will help you get a better idea of the exact solutions your remote workers need. Managed IT Services can give you access to 24/7 system monitoring, cybersecurity protection, helpdesk support, and more, making your life that much easier and your systems that much more secure.
Be Aware of Phishing Attacks
The majority of attacks begin with hackers gaining access to systems through phishing emails, so it is essential that all of your employees are trained on how to recognize phishing attempts and who to report an attack to.
A phishing email often attempts to duplicate the appearance of a trusted company and asks recipients to log in, make a payment, update credentials, or take another form of action. Then when the user clicks on the link in the email, it takes them to a fake login page, where their credentials are harvested.
Teach your employees to watch out for the following signs of a phishing scam:
- Misspelled or fake domain names: An email might be sent from a slightly altered domain name, like @amazom.com instead of @amazon.com.
- Suspicious links or attachments: A phishing email will likely try to take you to an infected link or get you to download an attachment holding malware. Always be cautious when you receive an unsolicited email attachment.
- Threats: Phishing attacks may try to threaten you with financial loss or legal action if you fail to follow their instructions, but legitimate businesses do not use scare tactics like threats.
- Payment requests: A phishing email may look like an ordinary invoice from a company or individual you do business with. To be cautious, always log in to an account through the company’s home page instead of an email link. You can also search your contacts to make sure the request is coming from an email address you’ve corresponded with before.
Employees should be educated on how to recognize these types of emails and who to notify should they receive one.
Always Use Multi-Factor Authentication
While every employee should follow strong password practices, today, passwords can often be easily cracked by a cybercriminal using advanced software or, more commonly, when they are revealed through human error. All employees should now be using multi-factor authentication (MFA), which adds an extra layer of protection—just like having two locks on your door.
MFA requires you to provide a second piece of information in addition to a password to confirm your identity when logging in to an account. The second piece of information used in multi-factor authentication is purposefully something that is extremely hard for cybercriminals to acquire; for example, it could be a text verification code sent to your phone or a biological marker such as a fingerprint.
Microsoft reports that using MFA can block over 99.9% of account-compromising attacks. With odds that good, there’s no reason not to use such a simple and effective tool.
Other General Safety Practices to Follow
It is important that employees are trained on general safety precautions to reduce the risks of cyberattacks. For example, they should all be trained to only download from reputable sources, never delay installing device or software updates, not use public WiFi to access work accounts (especially in public locations like airports, hotels, and cafes), etc.
Many of these general safety practices can be taught through training and encouraged by making them a part of company policy.
When you put these tools and practices in place, you’ll be well on your way to providing more comprehensive cybersecurity for your remote team.