Remote work presents unique challenges for cybersecurity because remote work environments do not usually have the same safeguards as in the office. When an employee is in the office, their working environment is fortified by layers of preventative security controls. However, when devices leave the perimeter and people go remote, new risks arise for the company.
Therefore, as organizations around the world turn to remote work and learning, cybersecurity hygiene is an important practice to revisit and maintain. Individuals should continue to be vigilant against those looking to steal data, disrupt systems or undermine an organization’s reputation and credibility.
Review and implement the following cybersecurity hygiene areas and actions to protect yourself, your organization, and the organization’s data in a remote environment.
Remote work and learning inevitably increases the number of devices and online conferencing tools, like Zoom, Microsoft Teams, Google Hangouts and Slack, that an individual will use on a given workday. That shift simultaneously presents a greater number of potential targets for hackers and other criminals.
Unsurprisingly, cybersecurity firms are predicting a spike in hacks and breaches targeting businesses as the COVID-19 outbreak continues. Even at the beginning of March, security researchers identified multiple phishing scams in which attackers sent emails posing as authorities from places like the Center for Disease Control and Prevention or the World Health Organization in order to trick victims into downloading malicious software or providing their login credentials.
So what can you do to prevent a cyber-intruder from accessing your data or the company’s?
1. Be on the lookout for suspicious emails, texts, phone calls, apps
It is important to be extra vigilant about suspicious emails, texts, calls, or applications. Cybercriminals thrive on crises, so be cautious of phishing emails designed to entice you to click on the latest and greatest offer related to coronavirus protections, or with urgent instructions posing as someone within the Firm. To help combat some of these issues, pay extra attention to website addresses, and block suspicious phone numbers sending text messages or robocalls through your mobile phone.
2. Know the proper email addresses and phone numbers for key contacts (e.g., supervisor, IT helpdesk, information security team) and organization systems.
By verifying proper addresses and phone numbers (as well as saving them in your phone), you can more easily identify suspicious emails, text messages, and phone calls. Furthermore, having direct lines to individuals allows you to confirm any communications you may be unsure of.
3. Rely on your organization’s official website(s) daily for updates
Save your organization website(s) in your browser then use these to access the sites. This prevents you from typing in the website addresses or clicking suspicious-looking links that may resemble links you may see on a normal basis.
4. Report any suspicious communications or events, as well as any systems functioning improperly, to your organization’s IT and/or information security functions, via the approved channels
Overcommunicate here. By bringing any concerns to the attention of the IT professionals, they can assess the situation more thoroughly and take appropriate action. Furthermore, if you raise the alarm on certain shady behaviors or events, it may help protect others in your organization from similar attacks.
To help boost your cybersecurity hygiene, there are a number of proactive steps you can take:
Part of your digital awareness is understanding what to avoid. Here are some things to watch out for:
Additional steps to consider to protect yourself:
For more information on this topic or to learn how Baker Tilly specialists can help, contact our team.