In response to the COVID-19 pandemic, many companies have encouraged, if not required, employees to work remotely. Such mandates are a necessary and sensible accommodation in these uncertain times, but companies must be vigilant in addressing the cybersecurity concerns inherent in such a large-scale and untested shift to remote work.
Fend off phishing scams: As is often the case in times of disruption and distraction, cyber scammers have already begun to launch phishing attacks. Recent attacks specifically aim to take advantage of the confusion surrounding COVID-19 and have included threat actors sending fake CDC updates, posing as employers communicating business continuity plans and impersonating third parties offering assistance. Alert all employees to the existence of such threats, providing detail around the specific types of phishing emails to look out for. It may also be a good time to send spoofed phishing emails as a test, so that employees remain vigilant.
Don't be mistaken for a phishing scam: In efforts to test communication systems with employees, employers may need to send texts and emails to employees, including those asking employees to send a response as to their whereabouts. While well-intentioned, employers should take steps to ensure that employees do not mistake these messages for phishing scams. Similarly, these communications can provide an opportunity for scammers to mount an attack using similarly worded messages. Make sure employees are aware that they will be receiving such messages and consider embedding an image, logo or company-specific language in all such communications so that employees can verify their authenticity before responding or clicking on an embedded link.
Prevent Remote Work Data Loss and Security Compromise: While advances in technology make it possible to work from outside the office almost seamlessly in many industries, remote working can also tempt people to cut corners when it comes to cyber hygiene. Discourage employees from using unsecured or public Wi-Fi connections by requiring VPN usage, assisting with home Wi-Fi password changes or providing secure hotspots. Require password protection and multi-factor authentication for all remote computers and provide a privacy shield for laptop screens to protect sensitive data from third parties. Ensure that employees have home printing capabilities to prevent document forwarding to personal email accounts. Prominently advertise secure technology capabilities to your employees; they may not know they have access to certain remote working capabilities.
Hard Copy Records: Provide guidance to employees on how to handle work-related hard copy documents and, where necessary, provide a mechanism for shredding or otherwise disposing of sensitive company materials. Remind all employees not to simply throw company documents in the recycling bin.
Regular Check-ins: Employees may be reluctant to come forward with difficulties they are experiencing while working remotely. Instead, individuals may find their own workarounds to address the issues, which can compromise security. It is wise to check in with employees proactively to solicit feedback on possible improvements to the system. It is always wise to get ahead of problems before they materialize.
Check In With Third Parties: Nearly all companies rely on third parties for critical systems support. Check in with all such vendors and gain an understanding of the steps each is taking to ensure continuity of services and inquire as to the heightened security measures they have deployed to protect against security threats. Be prepared to answer similar questions from companies to which you provide critical services.
Continue to Monitor and Maintain Network and System Security: Although your IT team may be stretched thin in assisting a transition to large-scale remote work, ensure that the team responsible for monitoring and maintaining information security continues to follow company protocols and timetables for doing so. For instance, patch management and timely upgrades are as important now as ever.
Support the Support Staff: Large-scale remote working will unavoidably place a great burden on a company's network and also on the staff responsible for protecting that network and making sure it runs smoothly. Make sure that staff have the appropriate resources to deploy both in terms of manpower and technical capabilities.