logo
How to protect your company from cybersecurity threats during the COVID-19 pandemic
2 April 2020

How to protect your company from cybersecurity threats during the COVID-19 pandemic

2 April 2020

The pandemic has forced offices all around the world to adjust to remote working. Unfortunately, remote environments introduce unique security challenges that need to be dealt with.

To help protect companies during this period of unease and uncertainty, we’ve listed our top tips for implementing remote-work security:

  • Utilize secure collaboration tools and set clear communication guidelines

  • Teach your employees to spot phishing and malware attacks

  • Train employees in cybersecurity hygiene

  • Secure your business VPN by turning on multi-factor authentication (MFA)

  • Implement mandatory multi-factor authentication (MFA)

  • Implement a passwordless authentication solution, like Keyless

  • Review who has privileged access to your IT systems

  • Teach employees how to backup data to avoid lost work

  • Teach your employees how to encrypt their data

  • Implement a “lost/stolen devices” policy

  • Have processes for reporting suspicious activity

1. Utilize secure collaboration tools and set clear communication guidelines

Some employees may never have worked from home before, meaning that they don’t have the prior experience to gauge what a “normal” method for communication is from their colleagues now that they are out of the office.

Hackers will no doubt be looking to take advantage of this — and may seek to impersonate members within your organization. Implementing official communication guidelines and using more secure collaboration tools like Slack will help ensure your employees are not tricked into disclosing sensitive information to criminals.

2. Teach your employees to spot phishing and malware attacks

Phishing is one of the top cybersecurity threats to businesses, responsible for roughly nine in ten of all breaches. With criminals looking to exploit public anxiety, coronavirus-related phishing attacks are on the rise, with thousands of fake websites being created daily that aim to compromise the login credentials of remote-workers.

Malware attacks usually come in the form of infected files. If these are downloaded, they can allow a malicious party to control the users device, and can even infect other devices using the same network.

Training employees to detect potential phishing and malware scams is essential to implementing remote-work security. Implementing passwordless authentication is another tactic for securing your corporate systems from malicious takeover.

3. Train employees in cybersecurity hygiene

There are basic measures every remote worker can take to protect themselves and their devices from targeted cybersecurity threats. Some of the most crucial yet simple things you can teach your employees are: the benefits of multi-factor authentication (MFA) and how to enable it, how to secure their home networks and smart devices by changing the default passwords, and why regular software updates are a must.

4. Secure your business VPN by turning on multi-factor authentication (MFA)

If your employees aren’t already using a VPN to access your company’s private systems, then they should be.

A VPN, or virtual private network, is just that, a private network. VPNs reroute all web activity so that it passes through a private network. These are generally protected with robust security systems. Generally speaking, VPNs are far more secure than any network your employee may be using while they work from home.

5. Implement mandatory multi-factor authentication (MFA)

If you haven’t already, you should make multi-factor authentication (MFA) mandatory for all of your businesses systems. While it may be frustrating for employees to continuously authenticate throughout their working day, MFA is a critical defence against hacks and unauthorized access to your company’s systems.

Keyless offers seamless, biometric authentication. You can read more about it here.

6. Implement a passwordless authentication solution, like Keyless

Keyless offers military-grade biometric authentication solutions for the enterprise. Our solution eliminates passwords, allowing employees to access business systems and applications by using their unique biometrics.

Eliminating passwords helps minimize the consequences of phishing attacks, as criminals no longer have passwords to steal.

Our platform is designed to be ubiquitous — meaning it can be integrated with all operating systems, and can be installed on any smart-device with a built in front-facing camera.

7. Review who has privileged access to your IT systems

Unfortunately, most cyber attacks launched against businesses are perpetrated by employees. That’s why it’s an important time to review who has privileged access to your corporate information systems, and limit all unnecessary privileges where possible.

A privileged user is someone with a relatively high level of access to a company’s corporate information systems. Usually employees with privileged access system administrators, database administrators, developers, architects, application owners, and IT managers.

8. Teach employees how to backup data to avoid lost work

Unfortunately, when employees work from home there is a risk of important work being lost, whether due to system crashes or misplaced devices. Consider investing in automated cloud-based backup and recovery systems for the time being. This will help ensure that important work and systems changes aren’t lost.

9. Teach your employees how to encrypt their data

With employees now working from their personal devices, it’s likely that there will be some point in time that your private files will end up on their personal computers or mobile devices. This poses a big security risk if the computer is somehow taken over by a malicious party.

That’s why it’s important to teach your employees how to encrypt their “at-rest” data.

Most modern devices actually have in-built encryption functionality. For Mac’s see this link, for Android devices, see here and for Windows, see here.

10. Implement a “lost/stolen devices” policy

If an employee loses their personal device, they may not think to tell you. The failure to report a lost/stolen device can put your company at significant security risks, and is considered failure to report a data breach in some jurisdictions.

It’s important to remember that data-privacy laws are still in effect. In most jurisdictions, you only have 72 hours to report a data-breach before you risk being fined. having to pay hefty fines. To help protect your business against the significant financial and reputational costs of a data breach, it’s important to implement processes so that your employees report any potential breaches as soon as possible.

11. Have processes for reporting suspicious activity

Perhaps your employee got a suspicious email, or a strange phone call. Perhaps they opened a link. Whatever it is, you should not only train your employees to spot potential threats, you should implement processes for reporting them.

It’s likely that hackers will target multiple employees in an organization. Having such processes in place will help your security teams investigate and intercept attacks sooner.

Conclusion

While a rushed transition to remote-working environments may have caught many businesses off-guard, there are simple steps that your business can take to safeguard your corporate systems while working from home.

Get In Touch

Find out how our private-by-design MFA can help your organization prevent ATOs, improve UX, and protect your bottom line.