Right now, your health and finances are not the only thing at risk. With so many companies suddenly sending employees to work from home, cybersecurity policies are being put to the test. Scams are on the rise and un-secure home network environments open companies up to other dangers. While operating outside of your normal, controlled IT environment, REDW recommends you look for holes in your policies in the following areas:
- Hackers are working overtime, taking advantage of our emotions. Stay on track with your organization’s cybersecurity awareness training program, so employees know what to look for.
- Warn employees to be suspicious of opening emails, links within emails, email attachments, or text messages on such topics as:
- Stimulus money from the federal government
- Donating to help COVID-19 victims
- Updated coronavirus maps for your city or state
- Keeping children safe
- Old phishing scams are back, such as requests for wire transfers or ACH account changes. Inform employees that they need to verify this information by calling the business contact on a known phone number or ask a colleague to review unusual requests before making any changes.
Secure Connections
- Employees working from home should be connecting to your systems with a virtual private network (VPN) or virtual desktop.
- Help employees secure their home Wi-Fi. Public Wi-Fi networks should be avoided to mitigate the risk of internet traffic being intercepted. Provide instructions or IT assistance to employees who do not know how to secure their home Wi-Fi.
- Consider multi-factor authentication, or at the very least complex passwords to physically secure employer-provided computers.
- If employees want to use personal devices for remote access, help them bring devices up to date with the latest security patches and endpoint protection.
Data Confidentiality
- Ensure sensitive data is shared securely and personnel access is limited appropriately.
- Working from home is a new dynamic for many employers and employees, but your policies for handling sensitive information should still apply. For example, many of us have family members at home during working hours, and are relying on video conferencing to talk to colleagues and clients, and maybe even printing confidential information on home printers.
- Communicate to employees how to report a security incident.
If you urgently need to update your cybersecurity policies and procedures, or would like to implement cybersecurity training programs, REDW can help. We also offer an extended network of experts who can assist with data breaches and other emergencies. Please contact Jennifer Moreno, our Cybersecurity Practice Leader for more information about our full range of services.
REDW is committed to keeping you informed at all times, but especially during a crisis of the magnitude of the COVID-19 pandemic. Stay connected with us on LinkedIn and @REDWLLC. Or check out some of our other updates here.
