As Canada navigates the challenges of the worldwide COVID-19 pandemic, many companies have and continue to adopt policies for working from home. Employees are now balancing their day-to-day work duties with their home life. This can pose difficulties, including how to maintain focus and stay productive. While accommodations and adjustments at home and in the office are being made it is critically important for business owners and employees to avoid compromising their cybersecurity.
Cybercriminals are seeking to exploit remote connectivity and take advantage of the fact that many people who are working from home do not have the same security framework on their networks that would be in place in a corporate environment. Many businesses have not deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the proper security protections when connecting through open home WiFi networks.
Cybersecurity research firms are already seeing a spike in hacks and breaches targeting businesses as the COVID-19 outbreak continues. The US Department of Homeland Security has advised businesses to prepare for new cybersecurity threats arising from work-from-home arrangements.
Both business leaders and their employees share a critical role and responsibility to secure their organization and ensure that cyberattacks do not further aggregate the already disrupted work environment.
How Your Business Can Respond
- Awareness Training for Your Staff
The most important way an organization can fend off cyber criminals is to train your employees to avoid cyber incidents and strengthen the overall cyber security culture in the workplace. Cybercriminals often take advantage of human error and deception to compromise information and assets. Educating employees about common cyber threats can protect your organization and minimize risks. Your organization should consider addressing topics such as the following examples:
- Creating unique passphrases and complex passwords for all accounts
- Using approved software and mobile applications
- Identifying malicious emails & scams
- Security for Home WiFi Networks
You and your employees need to review the security of your home networks. Anyone connecting at home needs to take a look at the settings of their routers / IoT devices. The first step is changing the default password for WiFi and the administration portal that comes with these devices. Many home routers provided by residential ISP’s come standard with a password as simple as “password” or “1234”, an easy entrance for criminals in WiFi range. Anti-malware and virus protection should also be installed on all devices connected to the home office to avoid security breaches.
- Use A Secure VPN Connection
A virtual private network (VPN) allows your employees to remotely share data as if they were connected to a private network. A VPN is an encrypted tunnel for your internet traffic that can connect a home office to your work network. You can connect across a VPN no matter what network you’re on and “appear” to be sitting at your desk at work using all the resources you could if you actually were there. It is also important to make sure that users keep their VPN software up-to-date with the latest release and security patches.
- Secure Internal Communications
Email is not a replacement for secure document and sensitive information transfer. Companies should encourage workers to use encrypted, enterprise-focused services for messaging, transferring files, and placing voice and video calls as much as possible. Many consumer-facing software such as social media platforms have recently proven to be a more frequent target for hackers.
- Use “Work-Only” Devices
While it may seem easy enough to just use your home PC to connect while working at home, this can be accompanied by an abundance of security issues. If your home computer is shared with other family members including children, all of the above measures may prove to be moot. Other members of the household may not take your business security seriously, or maybe they are just ill-informed of the dangers that be. Someone could inadvertently access sensitive information, or install software that could allow a devious intruder access to your network.
- Establish a Robust DR Plan for Everyone
Is a work-at-home situation covered in your Disaster Recovery (DR) strategy? Many companies are simply unprepared for an IT disaster to occur if a breach was to happen outside the office. While it is crucial to backup and have a recovery strategy for your IT infrastructure at the office, you also need to make sure that employee devices are backed up regularly, and can be recovered and secured if needed. Look at the DR strategy you currently have and discern ways that you may need to improve on it with this ever-changing business environment.
If history is any guide, hackers will use situations like we are in today to benefit. Every business must get ahead of security risks ASAP! Taking these relatively straightforward steps at both the enterprise and individual level should help address some of the most common security risks facing our home-working environments. We should also recognize that the threats are not static, which means it’s important to keep a close eye on evolving trends to avoid unnecessary additional costs and disruptions in a time when we can least afford them.