Are You Keeping Up With The Changes?
Quite a bit has changed over the past few months. Businesses have shifted most, if not all employees to a work from home scenario. Kids have transitioned to an online learning approach.
Online shopping has increased. In addition to the changes that we can see, or feel, other things have changed as well. The cybersecurity landscape has changed and will continue to change, and we need to keep up.
If you think back to 2019, most businesses focused their cybersecurity efforts on the office. Most of their employees were in the office. And those that worked from home either had been doing so for some time, which means the business was set-up to support that environment, or it was an occasional occurrence. Jump ahead to Q1 2020 and enter an influx of employees working from home, along with kids at home as well. The change happened so quickly that cybersecurity practices took a bit of a backseat in the pursuit of productivity expedience.
However, hackers haven’t paused their attacks.
Well, aside from the obvious work environment changes, hackers, and other malicious groups, saw an opportunity that they had not anticipated. And, they jumped on it, wreaking havoc in some familiar ways, but also finding new ways to cause problems for business owners and their employees.
We know we talk about phishing emails a lot. Phishing emails have made a comeback. There has been a spick since the beginning of the year.
The increase shouldn’t be too surprising. Any time there is major interest around a certain topic or event, phishing emails tend to increase. The difference now is that the employees’ work environment has changed. This changes how we look at emails. We are likely receiving an influx of emails, which intensifies the odds of clicking on a link in a phishing email. And the goal of phishing emails remains the same – to steal credentials and/or drop malware onto our devices.
Virtual Private Networks
Virtual Private Networks (VPNs) enables employees to access organization files from a remote location, and are in constant use now by large numbers of remote workers. This workflow may not be familiar with a lot of newly-remote employees and they may lack training on best practices. Hackers are smart and seize upon this to exploit these weaknesses and leverage opportunities.
As VPNs are used as an access point to get into a company network, hackers can wreak havoc if they infiltrate a home user network through malware or other phishing attacks. How? Unfortunately, most at-home networks aren’t as secure as office networks, and hackers take advantage of that. If a hacker can infect an under-protected home network that has access to corporate data, guess what? The hacker can get into a heavily fortified network through a lightly defended home user.
Less Secure Environment
Many home networks lack the cybersecurity controls and hardware found in office networks. As a result, home environments are a potential cybersecurity risk for your company. With more people working from home and kids at home as well, company information and data may be visible from a home office, kitchen table, or couch. At first blush, this may seem innocent, but we all know, accidents happen. A company file or data could accidentally be deleted or emailed to someone that should not receive it.
For those working in the office and adhering to social distancing, a sense of false privacy may exist because your co-workers are no longer right next to you. Alas, privacy, should never be assumed when it comes to the security of company information
Changes in how people work, and where they work from, have led to changes in cybersecurity policies, which is a good thing. Policies today may include more details on:
- Phishing emails, including what to do if you receive one, or click on one
- Proper VPN access procedures
- Installation of multi-factor authentication to reduce risk
- Regular at-home network cybersecurity checks and remediation
- The importance of installing patches and updates across all devices
- Avoid using public Wi-Fi for company work
- Use of privacy screens and limiting work to confidential areas
- Locking devices for any company related work
- Proper use of virtual conferencing tools. First, which approved tools to use. Secondly whether or not device cameras should be on or off during these meetings
- Approved apps that can be downloaded for company work (which may not have been necessary in the past)
- Guidance when headphones should be worn during company meetings
What Hasn’t Changed
Although a lot has changed over the past few months, the importance of a cybersecurity culture and mindset along with good security hygiene to keep company, client, and employee data safe has not. As hackers adapt to changing circumstances to probe and exploit weaknesses, so must a company’s protections need to detect quickly and respond.
If the changes over the past few months have caused your business to rethink its cybersecurity plan. We have experience working with businesses across industries. We know how to keep your data secure and protect your company assets.
In the meantime, check out this short video, on how to keep your family and business safe while you work from home.