Managing Cyber Risks For A Suddenly Remote Work Team

March 18, 2020

To date, there have been more than 100,000 confirmed cases and almost 4,000 deaths globally with new data pouring in every day regarding the Novel Coronavirus (COVID-19) situation.

While memes on social media tend to make light of the selling out of toilet paper as a response to the spread of the virus – and no we can’t make sense of that either – businesses and companies can’t afford to be glib about the associated fear and panic. 

Large-scale conferences to local events are being canceled and travel restricted. Stores across the US are running out of sanitizer and other household items due to panic buying and disrupted supply chains. Another major impact is that entire school districts are being closed or changing schedules completely which further impacts parents who relied on their children being in school or in aftercare facilities while they worked. 

As the virus spreads, containment controls, and their consequences, are likely to become more severe. For example, many businesses are encouraging their employees to work from home and avoid large groups as a way to slow the spread of the virus. 

One thing is abundantly clear – businesses everywhere need to prepare or have a plan in place to train their employees on established best practices and sound cyber habits to protect their clients’ customer data.

Small Business Trends reported that 48% of cyber attacks were due to a negligent employee or contractor. 

One of our carriers recommends that companies ensure that all employee devices including laptops, tablets, and desktops are protected from intrusion. 

If possible, have an IT professional set up a secure connection from the employee’s home to your company network. Connections with weak or no security leave your company open to hacking. 

Keep in mind that 62% of Wi-Fi related security incidents occurred in cafés and coffee shops if your employees are considering going to Starbucks or Panera Bread to get out of the house. 

This can put your entire business at risk. Some of our IT partners recommend using a virtual private network (VPN) to serve as a buffer to encrypt any data that’s transmitted between the Wi-Fi connection and the device. 

They also suggested utilizing Two-Factor Authentication (2FA) to make it harder for cyber attackers to gain access to accounts or devices. In that same Small Business Trends report, 65 percent of respondents stated that if a company has a password policy, it was not strictly enforced.

If part of your employees’ work requires browsing online, encourage them to only access sites that use HTTPS and avoid any sites that browsers like Chrome or Firefox warn about insufficient levels of encryption. 

Part of your remote work preparation should include guidelines for the physical security and use of work devices. Make it clear to your employees that work devices should not be used to visit personal social media pages, answer personal email, or conduct personal shopping online. Also, they should not allow friends and family to borrow work devices. 

Work devices should be stored securely when not in use. They should never be left unattended; not even in a locked car for instance. In any case, enabling the “find my device” feature is always recommended. 

Businesses should also establish clear guidelines and boundaries such as specific work hours. Doing so will not only deter burn out, but it can serve as a way to indicate unauthorized access to company files and networks if those hours have not been previously approved.

Maintain daily communication with them by phone, email, and/or text. Additionally, provide employees with a clear protocol to follow if they believe any information has been compromised. 

Another major recommendation is to protect yourself and your employees from cyber scams related to COVID-19 by avoiding clicking on links or attachments in unsolicited emails and only using trusted sources – such as legitimate, government websites – for up-to-date, fact-based information.

They should never reveal personally identifying or financial information in email. Any requests for such information should be ignored and directed to the head of your cybersecurity/IT department. 

Lastly, you should request a quote or a review of your cyber liability and data breach protection coverage. You can call us at (732) 566-0003.

Share this Post