In 2020, we saw a huge shift to remote working due to the Covid-19 global health crisis. Despite cybersecurity concerns, we have to consider that this trend may become a new norm even post-pandemic. In fact, 74% of companies worldwide plan to encourage the trend of employees working remotely. While having a flexible working arrangement certainly has its benefits, it is not without its own set of risks as well — particularly with regard to cybersecurity. In order to reduce your chances of becoming a target of a security risk or data breach due to people working from home, it is vital to implement and encourage sound cybersecurity strategies. To help with this, we have compiled an easy list of six Do’s and Don’ts that you can implement right away to help protect you and your organization.
1. DO: Ask your employees to use a VPN
VPNs are a common and popular cybersecurity tool. While employees may use their own VPNs, you should note that cheap or free VPNs may not provide the protection you need. There are even fake VPNs that exist to steal your data. The safer option is to instead opt for a dedicated business VPN for small businesses. We included a list of some business VPNs that are designed for small business users. These VPNs protect both employee and business data by allowing confidential data and important files to be sent and accessed safely.
2. DO: Update your company’s software
Computer updates can sometimes be a hassle, but they are not just there to add more features to your devices. Software updates also patch security flaws. Remember that cybercriminals are always coming up with new ways to breach your device and security lapses in your IT infrastructure only improve their chances. So, before you decide to delay that latest update notification, consider that you may be putting your device and your data at risk.
3. DO: Learn about phishing attacks
Executives and cybersecurity professionals are not the only ones who need to know how to handle cyberattacks. Your greatest asset, your employees, must be aware of the kinds of threats that exist. The best VPNs and anti-virus software may not suffice if employees fall prey to phishing attacks. Phishing simulations and awareness training can help your employees recognize commonly used tactics and become more vigilant. Consider developing internal training resources and providing resources for your organization to learn more about common cyber threats and how they have been used in the past.
4. DON’T: Assume that your business is safe
Cybersecurity experts predict that there will be a cyber-attack every 11 seconds this year. This is a particularly important thing to remember as cybercriminals are always looking for ways to attack businesses and individuals. Cyber attacks will cost the global economy billions this year. The unfortunate truth of the matter is that a perfect security strategy doesn’t exist but having enough practical measures in place can significantly lower your chances of becoming a target. Consider adding some basic level of cybersecurity training for both employees and employers so that everyone shares the same understanding of the threat landscape and what can be done about it.
5. DON’T: Use public networks
Some public Wi-Fi networks need a password to log in but remember that having a password requirement doesn’t automatically make them safe. Public networks are not secure. This means other people have easy access as well and there are no firewalls keeping you safe from malicious entities. You could end up logging into a rogue network. What this means is that a cybercriminal’s hotspot pretends to be a public network and acts as a middleman between you and the real network. This allows them to see all of your online traffic and even the credentials you use.
6. DO: Use this as an opportunity to improve your security posture
Though the circumstances in which remote worker percentage increased is unfortunate, there is a bright side for security practitioners and IT leadership. This time can be used to reinforce and refine your organization’s security posture. The sudden shift to remote workers has likely revealed the agility, or rigidity, of your security program and controls. Looking through an optimistic lens, the COVID-19 pandemic and transforming threat landscape has presented organizations with an opportunity to modernize their security and infrastructure delivery.
How can Rapid Strategy help?
Rapid Strategy aims to partner with you on your journey to provide fast and effective risk reduction strategies and controls in your environment. Rapid Strategy can quickly assess the state of your organization and provide you with strategic and targeted risk-based solutions. Contact us to accelerate your cyber security.