With the rise of employees now working remotely, it is more crucial than ever to ensure everyone’s personal information and hardware is protected from identity theft, stolen information, and phishing. Those who have had their email, Zoom meetings or Facebook hacked know how difficult it can be to resolve the problem after it has occurred. Hackers are targeting remote workers to ultimately gain access and disable company systems holding them for ransom. Ensuring your employees practice good Cyber Hygiene while working remotely can be simple. Here are seven best practices to get you started.
1. Start by Educating Employees About Authorization and Security
Companies have a wide range of individuals with varying skill levels. Some employees are younger and don’t understand the importance of protecting information. Older individuals may not have enough technical background to understand how to protect themselves. Some employees may not care. The first step in creating cybersecurity from home to protect both the employees and the company is to educate employees. Management should take an active role in the development of company-wide policies that include the following security tips, along with educating employees about the costs (both personal and economical) that come from ignoring such policies. Sending out written, company-wide memos that employees must sign, along with an informational webinar or presentation, will at least combat the plea of ignorance.
The next step that companies should take to protect themselves and their staff, is to only allow authorized individuals to utilize particular hardware, software, and webpages. Many companies will create a block on specific servers so that employees cannot access or download from certain sites that phishing is common. This includes apps and games. Utilizing authorization software puts a wall between employees and potential threats, which in turn protects a company’s assets for an inexpensive price.
2. Make Sure that the Equipment is Secure
Employees who are working remotely may have to share their computers and other hardware with children who are engaged in distant online learning. Therefore, each employee should have their work computer secured, so that other individuals in the house cannot inadvertently breach security measures that the company has enforced. If a shared computer is necessary, each user should have a separate account on the computer that other individuals cannot access.
Other than the computer, WiFi routers should be updated if employees are beginning to work from home. Employees should be discouraged from using any type of public WiFi connection. Passwords on WiFi accounts should be changed regularly.
3. Passwords and Verifications
An individual can take proper precautions and work with the companies on maintaining unique passwords and changing them often. Employees should never utilize common passwords- names of children or pets; birthdays or anniversaries; or any other common information. Passwords should be different on all platforms and never reused across applications. They should also be changed regularly to prevent phishing.
Two-step authorizations can be useful as well. If a hacker is trying to get into an account, a two-step verification method would send a notification to a cell phone or email, making the employee aware that someone is attempting to log into an account or verified website. If this happens, and the employee is not the one who is accessing the information, contact should be made to the company’s help desk immediately.
4. Make Sure a VPN or Encryption Software is Utilized
Two of the greatest safeguards that a company or an employee can use is encryption software of a Virtual Private Network (VPN). Encryption software is commonly used by doctors’ offices and other institutions that mandate information to be coded when transmitted to protect against personal information being linked. Encryption software will “code” the message and only those who have the ability or reverse encryption software will be able to read it. This is very useful for the department to department transmission between employees. Installing encryption software is especially user friendly when there is only one device (such as a computer) that an employee is using for work purposes (instead of a shared computer).
Virtual private networks create private networks that are much more secure than utilizing just a normal WiFi hotspot but can be created from a standard, public internet connection. Creating this “tunnel” of communication will allow for the transmission of encrypted messages and emails to occur without the ability for hackers to tap in. It will also allow for anonymity. Many sites will not allow for VPN casting (many government sites frown upon it). It is best to check with your technology department to see if this would be a good fit for the company. It is incredibly secure but will require training of employees so that understanding is established.
5. Consider More Secure Forms of Communication
There are many ways that employees can communicate with each other while working remotely. If online conference meetings are being held, the meeting login and password should not be placed publically, such as a company social media page or on the website. Supplying standard information in written form secures a connection from being hacked by notorious “Zoom Bots.” This is when a hacker will take over a meeting, write all over the screen, and make communication inappropriate and difficult.
Other forms of communication will protect the employee as well. Although many remote workers have been accustomed to utilizing email correspondence because it leaves a written record, it is also still possible to send a text or quick phone call. This may help protect against some forms of identity theft as well.
6. Don’t Become a Target and Protect Personal Information
One of the most important things that people can do, is to not share personal information via their company computer, or their company’s information on their personal computer. It seems like common sense, but often social security numbers, credit card and bank information, along with personal data is shared via online applications that are not secured. By creating walls that won’t allow the sharing of personal information, employees can protect themselves and the company.
Most information like this is shared by emails. It is easy for someone to write their credit card or bank information in an email, especially when paying on a purchase order or buying supplies for the company. It is also easy to supply personal information about the company.
7. Beware of Attachments
Do not, and this is worth repeating, do not open emails with attachments unless you know the person sending it and you triple check the email address that it is coming from. Professional hackers will mimic an address to make it look legit, but a simple change in the email address, combined with an attachment (many times in a .txt file) means doom for a computer. Having a virus or anti-phishing software can help, but hackers have become accustomed to building their tools of destruction around these programs.
The same goes for eye-catching pop ups. Sure, it can be tempting to fall for click bait, but it can be devastating. Part of active cybersecurity is to be diligent in the use of a company system, and not to endanger it by an ad that looks fun or advertises and items that have been linked to your cookies (little pieces of information that create ads based on other search history).
There are many software programs that can be used, on individual computers and on company networks, that will help to create safeguards against phishing and hacker programs. The ultimate responsibility comes down to the individual. In order for that to happen, each employee needs to know what and how to implore, strategies to help keep their information safe, and keep the company’s information secure. Communication is always key- between management, employees and a tech department. Any warning signs of cybersecurity breaches need to be handled immediately before they are spread. Taking the right actions, everyone can feel a little better as we transition to a more remote work environment.
You might also be interested in:
FREE ZOOM WEBINAR: Cybersecurity in the New
Work From Home Movement
How to protect your employees and your organization from Cybercrimes
and Privacy Issues as more employees work from home.
When: Thursday, August 13th, 2020 at 3PM ET