We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare to welcome children back this fall, should you also be expecting your employees to return to the office, and how will you handle your data security and risk management plans depending on what you decide?
How will you handle data security when you have office and home workers?
Recently we have seen Fortune 500 companies including Apple push back their return to October 1st, saying this date could also change depending on the Delta variant. Other companies like Google and Amazon are looking at hybrid options for the fall. At least for the near future, it appears that a hybrid model is going to be available to many employees. An important piece of making that plan successful is considering how to handle risk management and data security during this uncertain time.
This year looks like it could be a record-breaker for data breaches, and not in a good way. Security Boulevard recently reported that phishing and ransomware are driving the increase in data security breaches, adding, “Data compromises have increased every month this year except May. If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.”
Hackers are working harder than ever to break into company networks and steal valuable information. When it comes to security while working from home, or a hybrid model, we shouldn’t be complacent. A BBC article reported, “An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber-security habits while working from home.”
So whether your employees are returning to the office, working full time at home, or a mix of both, keep these points in mind:
1. Train employees to avoid malware and phishing
Remember to use best practices when you decide whether to click on a link or not. The criminals who send scam emails are preying on your emotions around COVID-19 vaccinations and are using the virus as a topic to entice people to click malware links. If you are running a team of employees working from home, consider asking them to review security training for this purpose.
2. Check the security of all networks
Remind all employees to keep their home network secure by making it password-protected. Only approved users in the household should have access. Don’t use public WiFi, which has no security measures in place and makes data vulnerable to hackers. When possible, use a Virtual Private Network connection, also known as a VPN, to protect your traffic from being spied on. Many endpoint protection software providers add this to their service offerings. Check with your IT department to see if they have this capability.
3. Enable multi-factor authentication on all critical systems, especially email accounts
This is a simple but effective way to protect systems from ransomware and credential hijacking. Using MFA (multi-factor authentication) decreases your reliance on passwords alone, which are often easily hacked.
4. Use strong passwords
I regularly remind customers and employees about this simple action item, so now is a good time to reinforce this message with your remote/hybrid workers. Try using a memorable phrase for a password rather than a single word and never write them down. Include numbers and special characters to increase the complexity of your password. We’ve offered advice in the past about passwords so take the time to make sure your team is following best practices.
Regularly change passwords and never write them down.
5. Update virus protection on employees’ laptops
Protect your company data by running the latest versions of all the programs you use. The patches and updates that are issued on a regular basis often contain security updates that will protect your team while working from home. We recommend that team members use a laptop or device that belongs to your organization. Do not use home equipment to access work-related systems unless that’s your only option; personal equipment might not have up-to-date security programs in place and could leave your network vulnerable to attack. Consider using a third-party vendor that can manage and monitor this for you.
6. Update your corporate cybersecurity policy
Your organization should have a cybersecurity policy that outlines the corporate standards of behavior for using your networks, authentication, etc. Make sure this is up to date with regard to an increased number of work-from-home employees. This policy will include access management, access to documentation, use of personal devices, and data privacy considerations.
A final personal tip, as we return with a hybrid working model at Ostendio, is to remember the importance of company culture. With some employees remaining remote and others working at the office part-time, it is easy to lose sight of cybersecurity objectives. Make sure your employee training is up to date so every employee knows their role in protecting your organization. Your employees are the frontline of your cyber defense. Use incentives to encourage employees to stay vigilant, and focus on rewarding good behavior rather than just penalizing bad.
Ostendio offers free Business Continuity consultations to its customers. If you need help with your Business Continuity planning due to an increased number of remote employees, Ostendio can help.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at email@example.com.