COVID-19 and the global transition towards work from home have also brought a steep rise in cybercriminal activity. Over the past year or so, organizations have been rapidly deploying remote systems and networks to support their staff, creating a multitude of new vulnerabilities that criminals use to steal data and generate profits.
Unsurprisingly, this has made many IT professionals uneasy. According to a global study released in 2020 by Ponemon Institute LLC and Keeper Security Inc, only 44% are confident in their organizations’ ability to fend off cyberattacks, versus 71% pre-pandemic. Many remote workers are still working on unsecured personal devices on home networks that lack the enterprise security found in most offices. As a result, remote workers are often left vulnerable and are typically the first to face new security threats.
This begs the question: As we find ourselves moving towards an increasingly decentralized work environment, how can we keep ourselves protected from the growing threat of cyber-attacks?
1. Learn How to Spot Malicious Emails and Phishing Attempts
One of the main ways cybercriminals have been capitalizing on the transition towards remote work is by flooding inboxes with fake emails. These will typically appear to come from a trusted organization or authority figure in an attempt to lower your guard and extract sensitive information. More recently, these phishing attempts have begun to prey on our fear and uncertainty towards COVID-19: we’ve seen an uptick in emails and social media posts disguised as coming from legitimate health authorities and government departments.
Fortunately, most phishing attempts can be prevented through proper user training and security awareness. Here are some things you should pay close attention to if you suspect that an email or social media post might be a scam:
- Sender Name and Address: Who is sending you the email? If you receive an email and you do not recognize the sender, the safest thing to do is to leave it unopened.
- Spelling of Subject Lines & Email Content: Does the language make sense? Is there proper grammar? Is the email written in a different style than usual?
- Be Suspicious of Urgent Language: Are they asking you to transfer funds or share information?
- Do Not Click on Links from Unsolicited Emails
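The checks in the list above can also be automated as a first-pass mail triage. The following Python sketch is an added example, not part of the original article: it flags an unrecognized sender domain, a display name that borrows a trusted brand, urgent language, and (going one step beyond the list) a link whose visible text names a different site than its real target. The keyword list, flag names, trusted-domain set and sample message are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|wire transfer|verify your account)\b", re.I)
DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
# Constructed sample message; keyword list and domains are illustrative assumptions.
SAMPLE = '''From: "WHO Health Alerts" <alerts@who-updates.example>
Subject: URGENT: confirm your details

<p>Act immediately: <a href="http://who-updates.example/login">www.who.int/covid</a></p>
'''

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data

def host(value):
    return re.sub(r"^www\.", "", (value or "").lower())

def triage(raw, trusted):
    """Flag one single-part message; trusted is a set of known sender domains."""
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    if host(addr.rpartition("@")[2]) not in trusted:
        flags.append("unknown-sender-domain")
        if any(d.split(".")[0] in name.lower() for d in trusted):
            flags.append("display-name-spoof")  # trusted brand in name, other address
    body = msg.get_payload()
    if URGENT.search(f"{msg.get('Subject', '')} {body}"):
        flags.append("urgent-language")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = DOMAIN.search(text)
        if shown and host(shown.group()) != host(urlparse(href).hostname):
            flags.append("link-text-mismatch")
    return flags
```

Calling `triage(SAMPLE, {"who.int", "example.com"})` returns all four flags for the constructed message. These are heuristics for sorting mail into "look closer" and "probably fine", not a replacement for user judgement or a mail gateway.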
2. Best Practices for Passwords
A strong password is your first line of defense against a would-be cyber-criminal. Taking the time to choose a strong, secure password helps protect you against brute-force and rainbow table attacks.
Here are some things you should keep in mind when creating and storing your passwords:
- Use different passwords for different accounts & devices
- Make your passwords as complex as you can
- Store them carefully and never share them with anyone, even family
- Avoid using easily guessed passwords, common expressions and personal details
- If you’re having trouble remembering all your passwords, try a Password Manager
3. Device & Employee Management
Remote workers will access company data from a variety of different devices. Most people have access to a laptop and a cell phone at the minimum. With this in mind, it is crucial that an organization knows exactly what equipment is being used and by whom. Having an up-to-date inventory of devices and their users is critical to safety monitoring in today’s new workplace.
Similarly, it may be beneficial to implement a Bring Your Own Device (BYOD) and Mobile Device Management (MDM) policy so that everyone clearly understands how mobile devices should be used and secured within your company. Proper education and security awareness training for employees will also help ensure that users are better protected from a range of attacks.
4. Use Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a method that provides an additional layer of identity verification by requiring an additional item of authentication when logging in (e.g. Password + Token, or Password + Fingerprint). MFA acts as a safeguard that reduces the burden placed on IT teams while effectively protecting employees working remotely.
While MFA seems like a straightforward enough solution, in practice many organizations have been hesitant to implement MFA due to the perceived hassle and inconvenience associated with waiting for an additional authentication code before logging in.
Easy Multi-factor Authentication (MFA) with Stratejm
If you are looking to implement MFA for your own organization, it may be worth partnering with an established IT security services provider like Stratejm. We make MFA implementation and management easy with our convenient, highly flexible, and highly scalable MFA solution.