Due to the ongoing coronavirus pandemic disrupting the world, many people are dispersing to their homes to work and study. They’re taking their laptops and company data with them. Tech companies and IT staff members are swamped with requests to help employees set up the technology for their remote offices.
“People who have never worked from home before are trying to do it and they are trying to do it at scale,” said Wendy Nather, a senior advisor with Cisco’s Duo Security.
And where computers and data go, hackers are sure to follow. Cyber security experts say that hackers will start seeking ways to take advantage of businesses and employees from a new angle. Government officials in countries around the world are issuing warnings about the dangers of a newly remote workforce. On Friday, March 20, 2020, U.S. cyber security officials released an advisory warning companies to update their Virtual Private Networks (VPNs) and to guard against malicious emails targeting a disoriented workforce.
This quick, unexpected transition to working from home has the potential to open up big opportunities for cyber criminals. Criminals are likely busy crafting password-stealing messages and malicious software using coronavirus-themed alerts and warnings as bait. Other hackers are already masquerading as the U.S. Centers for Disease Control and Prevention in an attempt to break into emails or swindle users out of bitcoin. Working from home also can provide an window for tech support scammers pretending to fix an IT problem in an effort to gain control of a target’s computer.
Employers and employees need to take care to protect confidential company information. Here are few tips to keep in mind to minimize the risk:
Employees
Be Vigilant About Phishing Emails
Watch for phishing emails designed to play on your fears, whether it’s enticing you to click on a surefire coronavirus protection or with urgent instructions allegedly from your boss. Any of those emails could be an attempt to get you to download malware onto your device. If you have any question about the validity of a company email, contact the sender — especially before wiring any money or following changed payment instructions.
Keep Your Devices Safe
Make sure your devices are up to date on their anti-virus protection and that you’re using secure and known connections. Use multi-factor authentication on any and all accounts possible. Follow company guidelines on internet use.
Only Use Secure WiFi
Only work on secure, password-protected internet connections. If you have to use public WiFi, avoid accessing any sensitive information. Hackers may try to trick you by mimicking the name of a secure network. Look closely and verify the network you’re joining is legitimate. If you don’t, a hacker can take control and access everything you do on the internet.
Report Lost or Stolen Devices Immediately
Remote work increases the potential for the loss or theft of your devices. Report any lost or stolen device immediately to the company to minimize the risk of fraud.
Employers
Confidential Information is Still Confidential
Remind employees to use the same care or more with confidential information. Personal email should not be used for any company business. Employees need to keep track of what they are printing at home. They must take care to shred any documents with sensitive information.
Remind Employees Not to Use Personal Laptops for Work
Ask your employees to use company-issued laptops. Use of personal devices creates problems around document preservation matters and adds increased risk.
Update Your Emergency Contacts
Be sure your company has contact information for all employees — whether a cell phone number or other way to contact the employee outside of company systems. That way, should your company fall victim to a cyber attack, you’ll be able to communicate with each other.
As with all data security, remote access is only as strong as its weakest link. With a combination of technology, training, and awareness, it can be done safely and smartly.