You might work for one of the companies across Australia that shuttered their offices and sent their employees home in response to the COVID-19 pandemic. But now that the country’s focus is increasingly turning to what life will look like after the shutdown, a big question looms: How can companies keep their data safe when their employees might be working just as often from home as they do in the office?
The answer: You and your employer need to team up on device security.
Business owners, of course, are focusing now on how to protect their workers’ health as they work out plans to eventually return employees to the office. This means a focus on sanitizing stations, desk configurations, staggered schedules, and enhanced cleaning schedules.
But businesses can’t ignore the health of their companies’ data, systems, and employee records. Hackers and cybercriminals remain a serious threat to companies, something that COVID-19 hasn’t changed. Protecting data might be even more complicated today as employees continue to spend at least part of their time working from home now that people remain focused on social distancing.
Here are six tips that companies can take to help secure the laptops, desktops, smartphones, and tablets of their employees, no matter if they’re crunching numbers in the office or attending video conferences from their back porch.
1. Boost mobile devices with security software
When employees work from home, they may be completing company work on their own devices, whether that means a laptop that they also use for gaming or a tablet on which they also stream their favourite movies and TV shows.
This, unfortunately, could provide opportunities for hackers to exploit. Personal devices may be less secure than the laptops or desktop computers you might use while working in the office. The devices you use while in the office benefit from the security measures often put into place by companies' IT teams. These company devices are often protected by firewalls and might automatically block certain IP addresses. Your personal devices? They might lack these features.
Companies, then, have a choice: They can provide their employees with laptops, smartphones, and other mobile devices or they can allow employees to use their own personal devices for work and require employees to boost those devices with security software provided by the company.
The first option might be the smarter choice. Companies have more control over the security measures and antivirus measures installed on these devices. They could also set up these devices so that they receive automatic software updates when security flaws need to be fixed.
2. Teach how to resist phishing emails
Maybe being in quarantine leaves scammers bored, too. Or maybe cybercriminals recognize that people sheltering in place are spending more time in front of their screens. Whatever the reason, phishing attempts have been on the rise since the COVID-19 pandemic has been dominating the headlines.
Google, for instance, reported in late March that phishing attempts had risen by 350 percent since the start of quarantine.
It helps, then, for employers to educate their remote workers on how to recognize phishing emails and the scams they contain. They should also train employees on the importance of not clicking on attachments in emails from senders they don’t recognize.
Depending on how many employees are working remotely, company officials might have to offer this training through video conferences or online slide shows.
3. Educate about spear-phishing attacks, too
If you’re working remotely, you might be especially vulnerable to a particular type of phishing attack called spear phishing. Unlike traditional phishing scams, spear phishing is a highly targeted form of cyberattack.
Often, scammers will send emails that look like they’re coming from high-ranking officials in a company. These emails, sent to lower-level employees, might ask for personal records of employees, company plans, payroll information, or other sensitive business information.
The target, thinking that the email came from the company’s chief financial officer, president, or chief executive officer, may obligingly send the information.
Remote employees might be more apt to fall for these scams since it’s not as easy to simply walk down the hall, after all, and ask the CFO if she really wanted those personnel records, for example.
So it’s important for companies to educate their employees on these attacks. For instance, a company might put a procedure in place in which employees are required to contact high-ranking officials to confirm that these officials actually sent the email asking for sensitive company information.
4. Take steps to keep video conferences safe
Many employers may be turning to services such as Zoom, Microsoft Teams, and Google Hangouts for their employees to schedule and participate in video chats with coworkers and clients.*
While these services provide a way for employees to connect while working from home, they can also provide opportunities for hackers.
Criminals can hack into a call and spy on confidential company information. They might infect the computers or other devices of employees with spyware and malware to steal trade secrets, personnel information, or company financials.
In some cases, hackers have managed to hijack video conferences and splash pornographic images on the screen or threaten employees with physical violence.
How can employers and employees help protect their video conferences? First, advise employees to always use the ‘waiting room’ feature if one is available. This feature forces conference participants to wait in a separate virtual room before a video conference begins. The host — say, the company — then can allow access to only those invited participants who are supposed to be in the meeting. This can help keep unwanted visitors away from your video conferences.
Employers can also set a policy which requires participants in company video conferences to enter a password before they can join a meeting. And if employees can create their own password? Don't be lazy and go with something like "meetingpassword" or "12345." Instead, employees should be trained to create a password containing at least 12 upper and lowercase letters, numbers and symbols. Or you can use a lengthy passphrase.
5. Don’t forget about video conference training
Companies may have to train employees a bit, too. Only invite employees to meetings through your conferencing software. Don't invite them through Facebook, Twitter, or any other form of social media. Make sure invitees don’t share the link to their video conference with anyone else.
And finally, before you use the video conferencing program suggested by their company, employees should understand the security measures these providers have in place. And if your company’s video conference provider updates its software, employees should be encouraged to promptly install and use the latest version. Updates often focus on patching software flaws to keep hackers and cybercriminals away, so don't skip them.
6. Watch out for Wi-Fi
When employees work from home, they may be likely to head to coffee shops, libraries, or restaurants — once these are open again — for a change in scenery. If that’s you, you might be tempted to log onto public Wi-Fi to complete company work.
This can be dangerous. It’s easy for hackers to access public Wi-Fi networks, which are often not protected by strong security measures. If employees are sending company information through email or accessing company documents through an online portal, they could expose company secrets or personnel issues to hackers.
Even when employees work from their own homes, there’s no guarantee that their home Wi-Fi will be better protected.
What can companies do? They might consider a policy stating that employees can’t do company business over public Wi-Fi.
A better solution? Companies might require that employees only conduct work business after first logging into a virtual private network, or VPN. A VPN acts as a sort of cloaking device, hiding users’ IP addresses and encrypting the data being sent to and from their devices. This makes it far more difficult for hackers to spy on what they’re doing online.
Companies should also help their employees set up a separate Wi-Fi network at home that they will use only for work.
Yes, doing this and signing employees up for VPNs will cost extra money. But helping to protect company information and employee personal data is well worth this cost.