With “stay put” orders now extended through at least the end of April, it looks like we’ll all be working from home for longer than initially expected. While there are some great perks to working from home – like no morning or afternoon commute and more time with family – you do need to be on high alert for phishing scams and cyber-attacks.
The U.S. Cyberspace Solarium Commission has reported an increased number of Coronavirus related phishing scams and cyber-attacks. Since working from home has become the new norm, cybercriminals are exploiting the situation.
Here are some tips to make sure you’re practicing good cyber-hygiene while working from your home office:
1. Be Extra Cautious of Coronavirus Related Emails
Cybercriminals are preying on your anxiety about the Coronavirus. Be wary of senders claiming to be the World Health Organization (WHO) with information or news regarding the pandemic, or companies like Netflix or Amazon asking you to verify your account information. Phishing emails try to create an impression of urgency in order to panic you into clicking a link. In addition, emails sent from people you know, but asking for unusual things are also suspect, so verify with the person by phone if possible.
If you think you have received a suspicious email, be sure to let your IT department know so they can investigate before you open or click on any links.
2. Enable Multi-Factor Authentication
This one is quick and easy. When you enable multi-factor authentication, you’re adding an extra layer of security to the apps you’re using. You’ll also want to make sure you’re using strong passwords and not saving them in your browser.
3. Connect to Your Company’s VPN, If Possible
Having a Virtual Private Network (VPN) solution for your PCs, laptops, and mobile devices creates an encrypted network connection, which makes it safer for employees to access confidential or sensitive company resources.
4. Use only Work-Issued Devices
Tell your employees they should be using only company–provided equipment. Your personal devices may not have the appropriate levels of malware protection or anti-virus software installed. If a security incident takes place on an employee’s personal device, the organization and the employee may not be fully protected.
5. Connect to a Secure Wi-Fi
Avoid public Wi-Fi. If necessary, use personal hotspots or some way to encrypt your web connection. Luckily, these days most Wi-Fi systems at home are properly secured, but some older installations might not be. If your connection is insecure, people in your vicinity can snoop through your devices or files.
The tips above should help employees act safely with company devices and information, no matter where they are working. However, as an employer, it is your duty to formalize working from home and remote work policies. We recommend documenting these policies in your business continuity plan and training staff on cybersecurity policies when on-boarding, during recurring security awareness trainings, and any time your company updates its cybersecurity policies.
For more tips and best practices, download our Cybersecurity Checklist.