How to Protect Against Online Threats While Working From Home
As a result of the COVID-19 pandemic, many companies are choosing to continue to let their employees work from home (WFH). Many companies also have a bring your own device (BYOD) policy, meaning that employees are using their own mobile devices and laptops to work. Both WFH and BYOD are helping many companies stay productive in these times, but they also create cybersecurity challenges unique to the work-from-home environment.
In order to protect your company, it’s important to be aware of the main threats to home-based employees during COVID-19. After becoming more familiar with the threats, it’s crucial you also know how your business can protect data and staff, as well as how your staff can protect themselves by following the proper cybersecurity protocols.
The Increased Threat During the COVID-19 Crisis
With employees working from home to stop the spread of COVID-19 and remain safe, there are increased chances for cybersecurity threats. Below we’ve shared some of the most common threats impacting companies working from home during COVID-19:
- Interactive maps and health crises websites: Cybercriminals have set up fake websites and registered domains that display interactive maps showing the spread of the virus. They have also set up sites that purport to provide information related to the coronavirus. The sites and maps have malware laced into them, leading to persistent remote access to workstations, ransomware, and credential theft.
- Phishing emails: Though phishing emails were common before the coronavirus, they have increased by 350 percent during the COVID-19 quarantine, with cybercriminals using the virus to prey on people. In these emails, bad actors impersonate trusted sources of information about the virus, such as government entities, universities and health organizations. For instance, cybercriminals often impersonate the U.S. Centers for Disease Control (CDC) or the World Health Organization. Through the impersonation, the emails get victims to open attachments or click links that infect devices with malware or steal credentials.
- Malicious apps: Like the fake sites and interactive maps, bad actors are creating mobile apps designed to attack devices. These apps are on various app stores, with Android hosting many of them.
- Usage of personal devices: A lot of companies don’t have the funding to provide all their employees with devices. As a result, many staff members are using their personal devices, like smartphones and laptops, to complete their work. These devices often just have a simple antivirus program that doesn’t provide enough protection, opening your company up to vulnerabilities.
How Businesses Can Help Secure Their WFH Employees
There’s a lot a business can do to make sure its data is secure and remains safe from attacks. The following are some basic cybersecurity tips to help secure your WFH staff members:
1. Learn About Threats to Your Organization
One of the first things you can do to protect your company is work with your security teams to discuss potential threats to your company. You can learn more about the most threatening attack vectors for employees who are working from home. A company that can predict the main types of attacks against their business will be more prepared to stop these attacks from succeeding.
2. Set Up Security Capabilities
Remote work security is absolutely crucial to keep your staff’s devices and company data secure. These are some security best practices you should follow:
- Protect devices: Outfit all mobile devices and other devices with endpoint protection. This protection should include encryption and virtual private networks (VPNs). You should also enforce multi-factor authentication.
- Block threats: Use real-time, automated threat intelligence, command-and-control traffic, exploits and malware.
- Filter domains: Your company should set up protocols and programs to filter out malicious domain URLs. Additionally, it’s a good idea to combat phishing attacks by regularly performing DNS sinkholing which is the process of intercepting DNS requests for malicious domains and redirecting them to a false or controlled IP address.
- Secure communications: Take action to make sure your users can securely connect to on-premise and business-critical cloud applications. Programs like teleconferencing applications are especially common with remote work, so it’s important staff can connect to them in a secure manner.
3. Provide Advice and Clear Guidance to Your Employees
Your company should have a set of policies for employees to follow while working from home. Besides just developing these policies, you need to clearly communicate them to your staff. Providing security awareness training is one of the best steps you can take to ensure employees are aware of what they can do to protect themselves and the company.
4. Update Your Emergency Contacts
You need to keep communication open when employees are working from home. Power outages and other extenuating circumstances can knock out an employee’s ability to contact the office. As such, it’s important to have all your staff update their emergency contacts to ensure you can get in contact with them.
5. Prioritize Confidentially
It’s harder to keep company communications and information confidential while employees work at home. Staff should know never to use their personal emails for company work. They should also be instructed to shred any physical documents once they’re done reviewing them. In addition, you can set up programs to keep your company’s critical communications secure.
How Employees Can Secure Their Online Presence While Working Remote
It’s important for employees to do their part to keep their devices and online presence secure. You can find security tips for remote workers below:
- Be vigilant against COVID-19 scams: With the prevalence of malicious domains, fake apps, and phishing emails, it’s important employees know about these dangers. They should make sure to be extra careful with opening attachments or clicking links contained in emails.
- Keep software and systems updated: When patches and updates go uninstalled, computers and mobile devices are much more susceptible to attacks. Employees should immediately download patches and updates as soon as they’re available.
- Develop high-quality passwords: While employees should already be using multi-factor authentication and have complex passwords, some may not have taken these security practices seriously. Now’s the time to start developing more complex passwords and get in the practice of changing them regularly.
- Keep work and personal separate: If your staff is using work devices at home, they should only be doing work on them. The essential principle is that office work should stay on office devices, and personal matters stay on personal devices. For companies with a BYOD policy, you can still let them know not to use their personal email accounts for official work and make them aware of other standard safety practices.
- Use VPNs: Your staff should make sure they are always working on a VPN. These networks provide a secure connection between organizations and employees. Some even come outfitted with malware and phishing attacks. As such, employees must use the VPN at the relevant times.
- Secure Wi-Fi access points: Bad actors can infect devices by getting through an employee’s personal Wi-Fi network. Due to the potential danger, employees should adjust their network’s passwords and default settings to make them more secure and reduce the chances an attack slips through. If you have internet of things (IoT) devices connected to the network, you should change their default logins to something more secure.
Managed IT Services From CTI
In times where your cybersecurity is even more of a concern, turn to managed IT services from Consolidated Technologies, Inc. (CTI). Managed IT services are crucial for protecting your company while staff members work from home. With our managed IT services, you’ll receive help with mobile device management and network and security assessments — both crucial while your staff works remotely.