If you live in a region that often gets heavy snowfall in the cold months, you’re probably accustomed to driving in some truly nasty conditions just to get to work. Now that Covid-19 has forced many people to work from home, however, that might not be something you’re faced with right now. Sure, you’ve got to go outside and shovel the driveway and scrape ice off your car at some point, but for the time being, you’re working from the couch. While curled up on the couch with a steaming hot coffee mug with snow falling out the window, it might seem like you’re pretty insulated from harm. Not to burst your bubble, but we’re here to point out a few of the ways you might actually be at risk and what you can do to protect yourself.
As businesses initially rushed to make remote work possible at their company, little attention was given to best practices and cybersecurity concerns. Think Black Friday stampedes for Tickle Me Elmo toys. That’s the kind of mad dash we’re talking about, except in this case it wasn’t Christmas-crazed parents tying to buy a stuffed animal; it was a nation of businesses trying to stay open during a deadly pandemic. Much less amusing.
Given how desperate the situation was, you can’t blame anyone for being lax with security protocols. Now that we’ve had months to grow accustomed to working from home, however, it is time to beef up cybersecurity and start treating it like a top priority.
Let’s take a look at some of the reasons cybersecurity now needs to be a priority.
- In the first quarter of 2020, large-scale data breaches were up 273% year-over-year.
- In quarter three of 2020, there was a 50% increase over Q2 in the daily average of ransomware attacks worldwide; during that same period, ransomware attacks in the US increased nearly 100%.
- Between 2017 and 2021, the number of ransomware attacks against health organizations is expected to quintuple.
You may have noticed that a couple of these statistics have to do with ransomware, a particularly nasty type of cyberattack. When it happens, the criminals have gained unauthorized access to your network and encrypted some of your data, typically business-critical data. They then hold this data hostage, demanding a ransom and threatening to leave it encrypted, wipe it, or in some cases even publish it or sell it. We’ve actually written an article discussing whether it’s best to pay a ransom or not, but we think everyone can agree it’s best not to get infected with ransomware in the first place.
Since it’s best not to get infected at all, how can you go about making that happen? Well first thing’s first, there’s endpoint security. An endpoint, as the name would apply, is any device that’s connected to the “end” of a network. Desktops, laptops, smartphones, tablets, servers—all of these are the internet-connected devices on a network, and all of them are potential entry points for a cybercriminals attempting to enter a network. Protecting endpoints is so important that it was ranked as the number one security-related managed services by MSPs nationally according to a report by Enterprise Strategy Group.
One of the main ways a cybercriminal can gain unauthorized access to a network is through phishing attacks. Phishing can take several forms, but generally speaking they are a type of social engineering attack where the criminals on the other end is attempting to trick the target into clicking a link, responding with sensitive information, or otherwise mistakenly or accidentally being complicit. An urgent request for a password from your CEO may be one such attack. Take a closer look before replying; that email address isn’t your boss’s! These attacks are often low-effort and easily to spot (if you know what to look for), but they only need to be successful once for an attacker to get in.
In the office, employees often have company-issued devices and workstations. Since these were procured and distributed by the IT department, they should come pre-loaded with firewalls, antivirus software, email filters that remove phishing emails, and other important security tools. However, many companies simply let employees work from home using their personal devices, either because it was easier and faster or because it was too expensive and complicated to get each person a new device in time.
What can you do?
If possible, have your employees take their work devices home with them. This is more feasible now that the initial, extra-restrictive lockdowns are in the past. Still, it might be difficult to transport some devices (such as desktops) home, so you should be flexible. Letting your employees work on their personal devices is okay and can be a part of a safe, effective work-from-home policy, but there needs to be guidelines. For instance, you can make IT appointments mandatory for all employees during which IT can walk them through installing antivirus software or connecting to a VPN the company is using, both of which will dramatically improve security.
Another thing you can (and probably should) mandate is cybersecurity trainings. As we mentioned, phishing attacks—one of the leading causes of network compromises and thus data breaches—are usually easy to avoid, but one slip up could spell disaster. That’s why, as annoying as they seem, trainings are critical to reducing the success rate of these attacks.
It is also good practice to turn on two-factor authentication for all emails. Two-step authentication adds an extra layer of protection in the case of a successful phishing attack. A hacker does not immediately gain full access to your network because the new log-in would trigger a 2FA alert to the employee’s phone or recovery email. Without also cracking the security on this secondary account, the hacker would be stopped in their tracks.
Another step you can take is to secure your employees’ email inboxes. You can set up a filter that scans their incoming emails and rejects any harmful-looking ones. Even still, some malicious emails may sneak through; for this reason, you don’t want to forget about training. Only by building layers of security can you adequately protect yourself and your business from a diverse landscape of threats.
Staying safe while working from home may seem daunting, but you certainly don’t have to go through it alone. To implement all of these steps at your business, you can find a trusted MSP to help you through the process. The MSP will find solutions that create the layers of security you need, allowing you to work without interruption or fear of cyberattacks.