The recent significant increase in employees working from home due to the COVID-19 pandemic brings with it a heightened risk of cybersecurity threats. Cybercriminals are well aware that IT departments and cybersecurity groups are stretched thin at this time, leaving businesses more vulnerable, and subsequently opening the door to increased phishing and cyber-attacks.
With more and more Canadian organizations now going either partially or entirely remote, it’s crucial to keep up on cybersecurity measures in this new work landscape.
Cybersecurity tips for employees working from home
If you have transitioned your team to working remotely, here are some tips to consider to keep them—and your business—safe from cyber threats:
Develop a remote work policy specifically for the pandemic. Consider developing a new, written work-from-home policy that goes into effect only during the current pandemic. This policy can account for all special considerations that differ from your original policy and which may need to be reverted once the pandemic ends.
Connect to a virtual private network (VPN) if possible. A VPN can provide a direct connection to the organization’s regular applications, similar to if the employee connects directly to the organization’s network. Using a VPN can hide the user’s IP address, encrypt data transfers in transit, and mask the user’s location. If the organization already has a VPN, ensure that it can handle the extra bandwidth from the sudden influx of new remote users.
Ensure software is updated. Keep all work devices secure with up-to-date firewall, antivirus, anti-malware, and data encryption software,
Enforce basic cybersecurity practices. Reinforce the importance of basic cybersecurity practices, such as using strong passwords and connecting to a hot spot or encrypted web connection instead of public wi-fi.
Train people on how to detect a phishing attack. Educate staff on how to recognize a phishing attempt, such as emails that request private information, use a generic introduction rather than your name, have spelling errors, or use a suspicious email domain.
Avoid using removable media. The use of removable media such as USBs, SD cards, and discs may expose valuable resources to malware and virus replication, theft, and hardware failure. Keep the use of removable media to an absolute minimum and never use it as the sole storage location of valuable data.
Enable multifactor authentication. In addition to a strong password, require employees to enter a code that they receive separately (such as via a predetermined mobile phone number) if possible to decrease the risk of unauthorized access.
Limit employee access. Rather than allowing employees access to all programs and resources, grant them access only to the programs and resources that are essential to their duties.
Send contact reminders. In the event of stolen materials or identifying a possibly malicious link, the switch to remote work may create uncertainties as to how to contact the IT or cybersecurity team.
Send your employees a reminder with the proper contact information for IT-related questions or concerns.
Cybersecurity is a serious issue for your organization and employees. That’s why you must recognize potential vulnerabilities and take steps to prevent cyber-attacks and data breaches. No matter the size of your company, our dedicated team of expert advisors can help you secure your business and develop a cyber insurance solution that works for you.