Teleworking opportunities have become increasingly favorable in today’s world, with a growing list of benefits for both employers and employees: reduced overhead costs, shorter commutes, and zero judgment from colleagues regarding your sweatpants-Friday dress code, to name a few. And especially today, as we are in the middle of a public health crisis, teleworking is something that everyone is doing in order to stay healthy!
But there are challenges: with more people working from home, we also see a decrease in face-to-face communications, which could lead to an increase in malicious attacks and phishing e-mails. By now we all know, or should know, that your CEO is generally not going to send you an urgent request for Amazon gift cards or ask you to wire $500K to an offshore account.
As we have mentioned in our scam of the week notices on social media, scammers will utilize anything, especially current events, in an attempt to access your company systems and take control of your data:
- Washington Post delivers alarming story on mask shortages
- WHO offers safety check list
- Fake NBC Tribute to Kobe Bryant
Increasing our dependency on email and non-face-to-face interaction gives scammers more opportunities and possible hijacked sources to launch attacks. Being out of their business element, employees are more susceptible to clicking a malicious link or downloading a dangerous file when they typically would not.
As a helpful reminder, we have listed a few best practices to ensure that, when more people are working from home or teleworking, you maintain the same level of cybersecurity as when people are in the office:
- Make sure everyone is aware of your cybersecurity policies and procedures and is following them. Do you have a policy in place regarding remote access, acceptable use, email, and/or an overarching work-from-home policy? If not, it might be time to implement policies and procedures so that everyone in your company knows the right course of action. If you do have something in place, make sure it is up to date and that all employees know what is in it or how to access it for reference.
- Practice good Cyber-hygiene. Would Bob from accounting really be sending you a document to proofread when he never has done so in the past? Would a vendor that always calls you directly randomly send you a go-to-meeting request with a 5-minute notice? If it seems very out of the norm, then that file or link is probably not from the actual sender. Double check e-mail addresses and hover over the links before clicking or downloading to check the URL. When possible, use another means of communication (phone calls, internal messaging systems, Teams, Skype) and verify the e-mail contents with the sender.
- Know how to use your company’s VPN. Having an employee utilize a VPN when working from home will allow them to function and access information through your company’s security. Typically, your security setup (anti-virus software, firewall, etc.) will be more robust than your average home setup, and undoubtedly will be more secure than a public WiFi. Make sure your employees know how to access the company VPN, test those connections regularly, and refrain from utilizing public WiFi when possible.
- Be EXTRA vigilant of attachments and links and where they are coming from.
Proper Security Awareness Training and maintaining best practices are the keys to protecting your company and ensuring your IT infrastructure is safe from intrusion, whether employees are working in the office or teleworking. Much like any skill, however, security awareness needs to be routinely practiced or it will atrophy and weaken. Likewise, policies should be maintained and refreshed on a regular basis.
How can Summit Help?
If you are using a security awareness service and you have policies in place, now is a great time to review both your employees’ awareness of potential attacks and whether policies are in place and being adhered to. If you are unsure of your team’s awareness and/or you don’t have policies in place, please reach out to us about our Cybersecurity Services and the PhishGoggles Security Awareness Service. With our dedicated Cybersecurity team, we offer a host of solutions and assist in drafting new policies and procedures specific to your company’s needs.