With a rapid increase in telecommuting, every device, email server, and Wi-Fi network accessed outside the business network is a new potential access point or vulnerability for hackers to exploit. Already, businesses and government offices are seeing an increase in cyber threats attempting to take advantage of new vulnerabilities. NASA recently released an agency wide memo alert on the topic. Business owners must establish strict policies and employee guidelines to ensure that a cybercrime crisis does not arise during this unprecedented push to work remotely. Follow these seven tips, provided courtesy of CYBERSCOUT, to reduce threats:
1. Issue Security Policy Guidance and Rules
Annual training from the IT department is not enough to keep good cyber habits top of mind for employees. Fresh reminders can go a long way to reinforce security best practices.
2. Establish a VPN
A virtual private network (VPN) system creates an encrypted tunnel that your internet traffic travels through so it can’t be seen by third parties. Setting up a VPN may seem daunting, but only requires a couple hours to configure and isn’t technically difficult. A VPN with multifactor authentication is the strongest defense.
3. Require Use of Encryption and Wi-Fi Protected Access (WPA) to Secure Networks
While no Wi-Fi is totally secure, private networks with password-protection are significantly more secure than public Wi-Fi networks – especially those offered in cafes, hotels and other public places. You can always ask a business that offers public Wi-Fi if private password-protected networks are available.
4. Password-Protect Devices Used by Employees and Third Parties
Require employees to use strong passwords that contain letters, numbers, and special characters. Avoid using the same password on multiple devices and accounts.
5. Maintain Anti-Virus and Anti-Malware Software
Remind employees to install and regularly update adequate security software on all electronic devices used to work remotely. That can be a phone, tablet, laptop, etc. Some employers are eliminating Bring Your Own Device (BYOD) options and mandating that employees use only employer-supplied equipment.
6. Power Down
Encourage employees to power down computers when not in use. Powered off computers are not accessible or susceptible to attacks or intrusions from the internet.
7. Back Up Data
Regularly backup sensitive information and, depending upon the importance of the data, ensure it is encrypted. Secure backups are the best strategy to prevent critical business disruptions in case of a ransomware attack.
More Ways to Combat Coronavirus Hacks
The following tools help in combating coronavirus-related attacks and are recommended by the Cybersecurity & Infrastructure Security Agency (CISA).
- The Global Cyber Alliance launched a very helpful video Three Simple Tips for Working from Home.
- The National Institute of Standards and Technology’s (NIST) blog, Preventing Eavesdropping and Protecting Privacy on Virtual Meetings, helps make virtual meetings secure.
- The Cyber Readiness Institute published Securing a Remote Workforce, a quick guide for businesses.
- The National Cyber Security Alliance provides a COVID-19 Security Resource Library with information on current scams, cyber threats, remote working, and more.
- NIST published guidelines to help organizations mitigate security risks associated with enterprise technologies in Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions.