Now that working from home is ‘the new normal’, cybercriminals are only too happy to take advantage of the situation. Many companies have been forced into this mass teleworking unprepared. So how do you keep it safe? We summarise for you the areas in which you should take action to avoid risks.
Cybercrime is a major risk in any case, regardless of the size of your company. Working from home creates even greater risk. This is also evident from reports on the number of phishing emails. In the first corona lockdown, there was an immediate explosion of phishing emails that were clearly attempting to exploit the new teleworkers. A smart move by the hackers, because four in ten companies were not yet familiar with working from home and so often lacked the right framework for organising this safely. In the longer term, working from home and working from multiple locations will undoubtedly continue to be the norm. All efforts in this area therefore make perfect sense.
What needs to be done to make working from home safe? In any case, focus on three important areas: workplace security, raising awareness and policies.
Secure access to the company network is essential for working from home. This means multifactor authentication is a must. The user then cannot log in with a password alone but must, for instance, combine it with a code received through a mobile device. The connection itself must also be secure, for example by working through a VPN (virtual private network). Data that travels over an internet connection must be encrypted so that it is unreadable if intercepted.
Measures are also required on the end user's side, such as changing the default login and securing the home Wi-Fi network with a strong password. Moreover, the devices used must always be up to date, with the latest software versions and patches. Colleagues can collaborate remotely and securely through central cloud services such as Microsoft Teams.
Cybercriminals are well aware that end users are the weakest link. This is even more the case with working from home because social control is lost. Since the outbreak of the corona crisis, hackers have responded by sending masses of phishing emails. In the first quarter of 2020, the number of new phishing websites rose by no less than 350 percent!
Do not forget that hackers can infiltrate your company network through an infected PC. So be sure to train end users in working safely from home, for example regarding the correct settings and secure passwords, as well as how to recognise phishing emails. An effective way of making them aware of cyber threats is by using Security Awareness Training, with short online training videos and campaigns with fake phishing emails. These give you a clear insight into risk behaviour in your company.
In many companies, security guidelines or policies are still an undeveloped area. However, it is important to draw up a number of clear guidelines on how end users should work with IT in a secure way. This is even more relevant when working from home.
Such a policy could stipulate, for example, that everyone must set their PC to lock automatically. That way, children or other members of the household cannot simply gain access. Your employees also need to be careful with paper documents. So state in your security policy that they must use a paper shredder and that they certainly should not leave documents with company information lying around at home. It is also important to be careful with video calls. Do not share the entire desktop but just the application, and make sure that no sensitive information is displayed.
Provide as much IT support as possible
Your IT staff also need to adapt if end users are often working from home. For example, they can provide advice and support for securing the home workplace. It is important that PC users can easily turn to someone. Communicate clearly what the procedures are and how they can get help.
Need additional help? Following a Security Assessment by Cheops, you will know exactly how securely your company is operating. Afterwards we can make effective interventions where necessary, for example with Managed Security Awareness or with a backup solution in case things do go very wrong.