The COVID-19 pandemic has drastically changed the way humans interact with each other across the board, handshakes have switched to fist bumps, massive conferences have gone digital in the form of webinars, and more importantly, employees have built makeshift offices within the comfort of their own homes.
According to Shefali Roy, former CCO & COO at TrueLayer, a UK-based FinTech firm, working from home has become the new norm.
“People are working longer and harder, which can be a big cause for concern with regards to employee burnout since they’re on high alert at all times due to the sudden merge of workstations and home comfort,” Roy said during a the MoneyFest 2020 webinar.
Thus, it isn’t strange for employees to start asking their employers about their work-from-home policy.
While remote working offers safety from a physical virus, it exposes employees to threatening digital viruses. Cybercriminals have taken advantage of this shift in the workplace and have targeted their sights around remote employees across the board.
According to a report published by Kaspersky there have been almost 726 million confirmed cyberattacks since the beginning of the year; “This has put 2020 on course to rack up somewhere in the region of 1.5 billion cyberattacks for the year,” the report stated.
While some companies have rejuvenated their IT security teams to deal with threats, many other companies haven’t and a big number of businesses are exposed to these breaches every day.
This leaves workers to fend for themselves against sophisticated cybercriminals’ intent on stealing their information and wreak havoc on businesses.
Fret not, according to the National Cyber Security Alliance, a U.S.-based cybersecurity non-profit, there are a number of ways that can help you protect your sensitive company information while venturing out of the digital safety of the office:
- Think before you click. Cybercriminals are taking advantage of people seeking information on COVID-19. They are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don’t click. Go directly to a reputable website to access the content.
- Lock down your login. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
- Connect to a secure network and use a company-issued Virtual Private Network (VPN) to access any work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public Wi-Fi to access work accounts unless using a VPN.
- Separate your network so your company devices are on their own Wi-Fi network, and your personal devices are on their own.
- Always keep devices with you or stored in a secure location when not in use. Set auto log-out if you walk away from your computer and forget to log out.
- Limit access to the device you use for work. Only the approved user should use the device (family and friends should not access a work-issued device).
- Use company-approved/vetted devices and applications to collaborate and complete your tasks. Don’t substitute your preferred tools with ones that have been vetted by the company’s security team.
- Update your software. Before connecting to your corporate network, be sure that all Internet-connected devices ‒including PCs, smartphones, and tablets ‒ are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.
While employees can arm themselves with these helpful tips to fend off cyberattacks and breaches, remote workers can still educate themselves on how to spot phishing and ransomware attempts.
There are more than a handful of hints that could flag emails as suspicious or malicious, such as:
- Strange requests: these types of emails tend to give out information that’s out of the ordinary, maybe an unexpected request or one that isn’t directly relevant to you. The most likely case is that it’s a typical phishing email, even if the domain came from within your very own organization, call the sender and ask.
- Generic salutations: If someone is sending you an email and not addressing you personally, then chances are the sender doesn’t know who you are. Best-case scenario, it could be a marketing campaign, or the worst-case scenario is that you’re being targeted.
- Spelling errors: especially during emails, people will always double and triple check their emails for typos and spelling errors to remain professional. Thus, finding these errors are ‘phishy’ so beware!
- Be wary of attachments: this is exactly how cybercriminals worm their way into computers, which is why if the sender or email seems suspicious, chances are, the virus is laying in wait in the attachment.
- Shady URLs: hiding or spoofing links is the easiest thing to pull off, since the URL could take you to a different destination to where a link reads; although staying away from it is the best course of action, you could always hover over the link to check if the destination leads to where you expect it to.
- You’ve won our competition:while these traps can obviously be spotted, people are still falling for these schemes in 2020. Always remember, if it’s too good to be true, then it most likely is, so stay away.
- Scaremongering: A common approach used by cybercriminals is to claim something like “your account has been breached!”. This creates a sense of urgency and vulnerability and can prevent people from thinking clearly. If the claims in the email were true, would the sender really tell you in this way? Always check through a different means of communication.
- Change of behavior: Maybe you’ve received an email from somebody you trust such as your boss, or colleague, but the language used is different from normal. Maybe it’s too formal or informal. Maybe the email signature isn’t the normal one used. You’re probably used to the way these individuals talk to you, so if it’s not normal, something weird might be going on.
As time passes, and technologies get more and more advanced, so do cybercriminals, as they stay up to date with the technological winds of change to further find their weak points. Thus, employees who choose to stay remote have a responsibility toward their employers to remain safe online, as the damages are no longer measured on an individual level, but can take down entire organizations.