Today, an unprecedented percentage of the workforce is working remotely in an attempt to help slow the spread of COVID-19 in communities across the country.
This is an uncertain time for everyone, but particularly for business owners who may have never operated with a fully remote staff before. One question everyone should be asking is how to ensure business continues as usual – but in as secure a way as possible.
According to the National Cyber Security Alliance (NCSA), global crises often correlate with an increase in cybercrime. Cybercriminals will seize the COVID-19 pandemic as an opportunity to manipulate people based on their fears and insecurities. Lately, these “bad actors” have been sending email, text and social media messages claiming to provide a link to new information about the virus – which, of course, leads the victim to take actions that give the cybercriminal access to their network.
So, business owners need to be ultra-diligent in how they make sure their employees can work from home securely. Hopefully every business already has a pandemic preparedness plan in place, but if not, this is a good time to write one.
Regardless, staff members should be reminded of their company’s cybersecurity policies. If no policies have been written, consider sending a list of cybersecurity tips in the meantime. At minimum, these tips should include the following:
- Make sure your home Wifi network is secured by a strong password. If possible, consider setting up a separate Wifi network for work versus for personal devices, like cellphones, Xboxes, smart speakers and TVs.
- Make sure no one in the household outside of the employee is using the business device.
- Password-protect all accounts with unique individual passwords. Don’t re-use passwords for personal and work accounts.
- Don’t click on any links sent to you by unknown email addresses. Check the email address carefully before clicking any links or downloading any documents.
- Don’t reveal any personal or company information to anyone over email.
- If you do click on a malware link, report it immediately to your manager.
- Remind your employees what is considered sensitive information that should be protected. This includes financial information, proprietary business documents, industry secrets, downloadable products and personal/employee information.
Right now is a great time to review all cybersecurity policy documents – or create them. If adjustments have been made, remote working policy and acceptable use policy documents should be resigned by all employees or by those who are transitioning to remote work, if they have not signed those previously. These agreements help to protect businesses and support employees in the transition from office to remote working.
If remote workers will have to use a computer that is not company-owned, consider documenting a list of pre-approved, downloadable security software to be installed on employee devices. Work with employees to ensure security software is properly installed on each computer. It's recommended that this security software be managed centrally by the business, but if not, employees should be trained (and reminded) on how to keep that software updated regularly.
Business owners should also look into setting up a virtual private network (VPN), which allows employees to work from their laptops at home using a company-owned private network. A VPN offers a business-owned and encrypted location for files to be stored and accessed. Security and reliability are the main pros associated with using a VPN, as they are a single location for all business-owned information.
Having a pandemic preparedness plan is a good idea, too. This should outline the company’s policy, plan and testing questions, and should also include a template for a vendor management letter and any regulatory checklists needed in the midst of a pandemic like this one.
While the CDC has not said how long social distancing and remote work will be necessary, this is an opportunity for business owners to take some time to set up remote work capabilities for their employees, and even evaluate how well employees perform working from home.
The middle of a global pandemic may seem like too late to start thinking about cybersecurity, but when it comes to network protection, it is better late than never at all.
Written by: Jon Waldman
President - SBS Institute
EVP – IS Consulting – SBS CyberSecurity, LLC
SBS Resources:
- {Toolkit} Pandemic Preparedness: This toolkit will allow your organization to have confidence in your ability to handle a pandemic situation. The toolkit includes Pandemic Preparedness Policy, Pandemic Preparedness Plan, Pandemic Preparedness Tabletop – Coronavirus, Pandemic Preparedness Regulatory Checklist, Pandemic Preparedness Vendor Management Letter, Pandemic Preparedness Testing Questions, ISP (Information Security Program) Diagram, Pandemic Preparedness Roadmap, and more. Learn more
- {Video} Hackers Don't Stop for a Pandemic: Tips to Remain Cyber Safe: Many activities in both our work and home lives have been disrupted by the COVID-19 pandemic, but it's more important now than ever to remain vigilant when it comes to cybersecurity. Unfortunately, hackers don't take time off or follow the laws in times of uncertainty, in fact, many times it's the opposite. There have already been stories of COVID-19 hacker activity, including phishing emails, phone calls, malicious data maps, and ransomware attacks at healthcare facilities and financial services organizations, and even a DDoS attack on the U.S. Health and Human Services Department. Follow the five tips discussed in this video to stay cyber safe throughout this pandemic. Watch video.
- {Blog} COVID-19 Notice from SBS CyberSecurity: Due to the COVID-19 pandemic, we wanted to share some information regarding process changes being made at SBS to protect our employees, clients, families, and communities. Read blog.
Related Certifications:
Join our growing community of financial service professionals showing their commitment to strong cybersecurity with a cyber-specific certification through the SBS Institute. Click here to view a full list of certifications.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.