Since the COVID-19 pandemic, many organizations have been sending staff home and have set up remote work spaces. An article in Barrie Today talks about a municipality that is bucking this trend, in part due to cyber security concerns. The Town of Wasaga Beach has closed municipal offices to the public, however, staff are still reporting to work everyday. Michael Gennings, communications officer for the Town of Wasaga Beach told Barrie Today, “The bulk of our workforce remains onsite. Some have taken leaves.” As municipal services are considered essential services, employees are required to report to work to maintain the delivery of services. Gennings also told Barrie Today that the town has laid off 11 casual/part-time temporary employees including three concession staff and eight recreation instructors. When asked why, Gennings referred to the ransomware breach that occurred in 2018: “We had a cyber-attack almost three years ago that has made us wary of the security of confidential information being transmitted over the Internet from off-site locations.” That particular breach cost Wasaga Beach dearly: “$35,000 was spent on Bitcoin, $37,181 more went to IT and Security consultants. Other costs such as staff overtime and productivity losses were figured to be about $251,759 over seven weeks. While not ideal, it’s less than the $500,000 estimate to rebuild what they could from scratch.” While there is certainly a risk to remote work, working onsite pre-COVID-19 did not prevent their first breach either. Perhaps the Town of Wasaga Beach is working on beefing up their remote security prior to allowing staff to work from home. Whether working remotely or from the office, there are cyber security best practices that all organizations should employ.
- Whether onsite of offsite, always be wary of phishing emails and clicking on rouge links. If your organization hasn’t had a phishing awareness campaign or any type of cyber security awareness training, you could be putting your organization at greater risk.
- Always use Multi-factor Authentication (MFA) to login to accounts where possible. MFA makes it more difficult for a hacker to break in, as the hacker will now need more than just a password to.
- When working offsite, be sure to use a secure Wi-Fi connection. Organizations should also ensure that staff have a secure VPN connection so that confidential data is encrypted over the internet.
- Organizations should also ensure that staff has access to only what they need to when working remotely. For example, sales staff do not need to have access to the organizations financial data.
- If using remote video conferencing solutions, ensure that they have security and encryption features built in.