The COVID-19 pandemic has changed the way we view office work. Roles that we once thought could only be done in the office are now being carried out from home. COVID-19 has accelerated plans for adopting a work-from-home model out of the necessity of social distancing.
One thing to remember about remote workers is that your employees’ home offices could increase your cyber security risk. For instance, staff could be accessing company systems using their own network devices and services, which are not configured by default to be secure. Sometimes, employees access the Internet via an open-access point where your Web activity is open and visible to anyone else on the Internet. Bad actors could be lurking nearby ready with a Wi-Fi Access point to intercept and monitor wireless network connectivity.
Human nature of following the path of least resistance is also a problem when trying to fortify your cyber security. Janine Yancey writes in an article for Entrepreneur magazine about a study her firm did involving 4700 employees. The study found that:
- One in two employees’ reports using the same usernames and/or passwords across their work and personal accounts.
- 8 percent believe that security precautions on personal devices are more trouble than they’re worth.
- 20 percent report not changing their work passwords since last year — or ever.
These habits as reported by Yancey could put your organization at risk of data theft, phishing and ransomware, just to name a few. If you are a business owner wondering what you can do to combat these problems, there are some simple steps that can help you lower your cyber security risk.
- Cyber Awareness Training. Cyber security needs to become everybody’s business. Ensure staff are aware of what a phishing email looks like and to avoid clicking on any malicious links.
- Keep your software updated. This goes for all network systems on premises and in the cloud. Also, employees need to ensure their devices are also running the latest updates. When staff were in the office it was much easier to control, maybe IT would do it for everyone. For your remote employees, make sure they know how to set up automatic updates for their laptop operating system and applications.
- Password Policies. First, employees should not be reusing their passwords on a variety of personal and work systems. Teach staff about using a password manager to keep track of long, complex passwords. In addition, remote employees should know that the home network also needs to be password protected. They need to change default admin/access default account passwords on home devices and anything with Internet connectivity. This means wireless routers, printers, TVs, and IoT devices.
- Use antivirus software and keep it updated. Endpoint antivirus/anti-malware protection software needs to be used inside the network and also on the remote worker’s devices. All anti-virus and anti-malware software need to be kept up to date.
Do you want to test your staff’s cyber awareness? Contact us about Cyber Awareness training.