Despite its negative impact on our lives, and despite the fact that it has forced Americans and American businesses to re-tool and try to mitigate the damages it threatens to cause, COVID-19 – the novel coronavirus – offers a major growth opportunity for hackers and other bad cyber actors. In line with every other new business need that’s arisen from the new virus is the need to increase protections for your business’s data.
COVID-19 poses new cybersecurity risks for your business not only because bad actors can feed off panic, but also because your business necessarily becomes more exposed when more of your workforce works from home. Working from home provides more opportunities for your company’s computers, cell phones, and other devices to connect to unknown and unsecure wireless networks, or even to get left behind, stolen, or otherwise lost between home and the office. It also invites opportunities for shortcuts around established extra layers of security, and does so in addition to the run-of-the-mill danger that comes from phishing attempts that look much more attractive when they’re disguised as COVID-19 updates, warnings, or even cures. To protect your data while your workforce goes remote, consider these tips:
- Stay updated and maintain security across all devices. Make sure you’re keeping your VPN, firewall, and anti-virus software updated with the latest security updates, patches, and security configurations. If your employees access company data on company devices make sure those devices have the latest security updates, too. If employees use personal devices, educate them on how to keep those devices safe (require encryption!) or provide security software for those devices. If you haven’t already, implement multi-factor authentication for all devices connecting to your system.
- Teach your employees to be careful. Bad actors will find ways to embed malicious code into friendly-looking emails or trick users into giving up passwords using emails, apps, text messages, or even phone calls. Educate your employees on how to identify “–ishing” (phishing, vishing, and smishing, to name three), or other bad-actor opportunities. Train them to not fall for the traps and to send word to your IT professionals if an opportunist attempts an attack. This applies whether your employees are working from home or working in the office, but it becomes especially relevant as hackers take advantage of people’s fears during a health scare. For a quick read to pass on and educate your workforce, take a look at the U.S. Cybersecurity and Infrastructure Agency’s security tip on “Avoiding Social Engineering and Phishing Attacks,” here.
- Good old-fashioned care goes a long way. Remind your workforce of all the cybersecurity protections your company has in place, and how important it is to maintain protocols and procedures even when working from home. Remote work may make regular workflow a bit more cumbersome, but cutting corners on cybersecurity is a major risk. Your workforce should be reminded not to cut those corners. And, maintaining physical security of devices that can access your company’s data can be just as important as network security – a laptop left on a coffee shop table while you use the restroom doesn’t need a sophisticated hacker to cost you your data security.
Of course, your workforce’s health and safety are paramount in the face of the growing COVID-19 pandemic. But if your safety measures include work-from-home for some or all of your workforce, make sure you remain vigilant about how you’re keeping your company’s data safe.