As many companies transition to have their employees work from home, policies must be set in place so cybersecurity issues are addressed, and businesses are not the victim of cyber fraud.
Many cybercriminals will be using this time to exploit companies' vulnerabilities, especially people who are working from home who do not have the same security on their networks that would be in place in a corporate environment.
Even though employees are not working in a corporate setting, both businesses and their employees play critical roles in ensuring that cyberattacks do not jeopardize the security of client information or disrupt their work environment.
What businesses can do
Businesses need to set clear expectations on how their organizations are minimizing security risk for their work at home employees. Communications should state policies as well as outline the responsibilities at all levels of business. All messages on cybersecurity should explain why the policies are important, and any repercussions should the procedures not be followed as instructed.
Businesses should also ensure all company-owned or managed devices have the most up to date essential security capabilities, as well as the ability to securely connect users to any business cloud storage, applications as well as any corporate-approved video teleconferencing applications.
VPN tools with encryption on all laptops and mobile devices add an extra level of security, as does the ability to enforce multi-factor authentication (MFA). Businesses may also want to ensure they have security software enabled that will block malware and command-and-control (C2) traffic as well as a filter to block malicious domain URLs.
Businesses should also invest in cyber insurance. Cyber insurance can include many components, including a legal liability component that protects businesses against lawsuits stemming from a data breach. There is also a business interruption component, which compensates for lost revenue resulting from downtime from a data breach. Finally, there is coverage for breach notification costs, which, depending on the size of a customer database, can be considerable.
What employees can do
While employees may think cybersecurity is solely a corporate responsibility, there are many things employees can do to help ensure networks and information remains secure. Employees should use complicated passwords, not use the same password on multiple platforms, and change their passwords frequently.
As well, employees should make sure they are using the most up to date systems and software and ensure all updates and patches are installed.
Employees should also ensure their WiFi is secure – meaning their default settings and passwords have been customized. They should also make sure not to click on or open any suspicious, unusual or unsolicited emails or text messages.
All businesses and their employees need to take the time to familiarize themselves with cybersecurity issues. As more employees work from home, more cybercriminals will be on the lookout for vulnerabilities. We need to recognize that cybersecurity is ever-changing and evolving, and we cannot pretend any company is immune to these vulnerabilities and attacks. Becoming a victim of cybercrimes means disruptions and costs that no one can afford. Invest in cyber insurance to protect your business from the weaknesses of cybersecurity.
Find out how you can insure your business is protected against cyber crime at https://www.otcinsurance.ca/cyber-insurance.