COVID-19 has changed a lot of things about the way workplaces function, what people do day-to-day, and the perception that “going to the office” is the only way to get work done. More and more, telecommuting is becoming an option, with employees performing many of the same functions they formerly went into the office to do right from their own homes. Unfortunately, this is blurring the line between “work time” and “personal time,” and many people are being increasingly caught off guard by cybercriminals working to exploit this situation.
There are a slew of issues that arise when working from home, the largest of which is cybersecurity. The equipment that companies may employ for use in their buildings is simply not the same as what is available for most end-users and employees at home. Person A and Person B may both use the same machines with the same procedures and the same software at work. When at home, Person A and Person B may have radically different setups. Cybersecurity and data security are essential whether staff work at the office or at home, thus employers need to increasingly make sure that staff members are trained to look for red flags and that those employees have the proper equipment to do their jobs in a safe way.
According to Deloitte, there has been a 25 percent increase in phishing attempts and fraudulent emails since the beginning of COVID-19. The reality is criminals do not care whether there is a pandemic or not. They take advantage of situations as they present themselves. The opportunity to hack into a Zoom meeting and intercept company secrets, trick employees into providing information via electronic means, or make a couple of quick phone calls to unsuspecting employees to obtain confidential corporate data is becoming more and more available due to the vastly increased numbers of telecommuters working today.
How can staff reduce some of these risks? Here are a few ways to start:
· Assess the ability of the company to recover from a ransomware or widespread cyber-attack. How quickly can things get back up and running?
· Best practices indicate that a written security incident and information security plan should be in place. Computer and data policies should also be listed in employee training documents.
· Validate the security capabilities of business partners, service providers, and the supply chain. Many breaches occur due to weaknesses in the supply chain.
· Regularly check that new security measures being taken are actually effective. During the initial days of the crisis, many new plans were outlined and implemented before employees were even trained to properly use them.
Working from home is not a bad thing. Not inherently. With that being said, it does bring along with it some security risks that were not present before. Take the time to review the IT security plan of your company and update any training that employees may need to adequately and safely perform their duties.