In March, many businesses had to make a sudden shift to work from home, with little or no advance preparation. Marketers that previously commuted into the office are now getting used to the transition of doing the same work from their couch or kitchen table. While the move to telecommuting has its benefits for both employees and businesses, it also comes with risks. Top of the list: cybersecurity concerns.
Because of how rapid the transition was, many businesses scrambled to make sure employees had the bare minimum they needed to do their jobs from home. They didn’t have the time or resources to make sure they were equipping everyone with the means to do so securely. And as a result, malware and ransomware attacks are on the rise.
But it’s not too late to take steps to shore up the cybersecurity of marketers working from home.
1. Educate employees.
To increase data security as employees work from home, “education is the number one thing,” says Harmon Tam, Managing Consultant at the IT firm, Lazorpoint. Many types of cybercrimes depend on the naivete of people. In order to access or infect a device, scammers try to convince users to let them in by clicking a link or downloading an attachment.
And in fact, research from Kaspersky confirms that cybercrimes that rely on human error are some of the most common that companies deal with.
Adding to the risk, Consumer Reports has noted an uptick in phishing scams related to the pandemic, many claiming to be from the WHO, the CDC, or posing as charitable causes looking for donations. Even employees who generally think they’re savvy about this stuff are distracted and overwhelmed right now, and their good intentions to stay informed or help those in need can lead to big problems for the company.
Invest in education. Alert employees to the types of emails or claims to look out for. Advise them to avoid downloading any attachments they weren’t expecting. And a good rule of thumb, according to Tam, is to “verify everything.” Any request you get from a colleague, “don’t just take it at face value, make sure you pick up the phone and call the person to make sure that their request is legitimate.”
Educating employees in a few simple precautions can eliminate a surprising portion of cybersecurity risks.
2. Create clear work-from-home guidelines.
Think carefully about what rules and standards you want employees to follow when working from home, and get them down in writing. Work-from-home guidelines can address:
- Requiring that all employees use a secured WiFi network with a strong password.
- Clarifying what types of software and devices are recommended for work use, and any that are prohibited.
- Requiring the most recent version of every OS and software employees use regularly. Updates are often created to patch up security vulnerabilities so employees should consistently check for and install updates when prompted.
- Having all employees set up automatic backups for the devices they use for work so no valuable data is lost. You may also want to clarify what backup programs to use.
- Providing guidelines for what to share over email, and how to avoid falling prey to scams or phishing emails.
- Clarifying rules for how to send and open attachments in ways that reduce risk.
- Including secure password requirements for all work-related accounts (such as always requiring a combination of letters, numbers, and special characters). You may also consider investing in a password manager for employees to use.
Make sure the guidelines are shared with all employees in a format they’ll review. And occasionally send reminders so the guidelines stay top of mind.
3. Require virus protection software.
Another fairly simple precaution you can require of everyone working from home is downloading virus protection software for their devices. There are even a number of reputable free antivirus options, such as Windows Defender and AVG you can recommend. Or you can go further and invest in a paid service like Trend Micro or Broadcom that provides an extra level of security.
4. Set up multi-factor authentication.
Many business tools provide the option to use multi-factor authentication. What that means is that an employee that tries to access their account from a new device, such as their tablet, will be required to enter a code sent to a phone number or email address already associated with the account.
Set this up as a requirement as much as possible. That way, no one can get into a business account and access data without an extra step that proves they’re who they say they are. It only adds a few seconds to the process of logging into a new device, but provides a much higher level of protection from hackers in the process.
5. Invest in company devices employees can use from home.
“In a perfect scenario, no end users or team members would be doing any work from their home machines. They’d be working from a company-issued device,” says Tam. Obviously, we’re not in a perfect scenario. No one really had time to plan out how to make this shift in the best way possible.
But it looks like we’ll be in the midst of this pandemic for several more months at least, and many businesses are pondering keeping employees remote beyond that point. It’s smart to consider getting your employees set up with company-issued devices sooner rather than later. Company laptops can come preloaded with the main antivirus protections and software products you know people need so they provide a tighter level of security than personal devices from the get go.
You may need to reconsider your budget to make it happen. But providing company devices to everyone working from home is one of the best ways to keep company data secure.
Having whole teams learn an entirely new way of working is a big transition to deal with. It’s understandable if you didn’t have cybersecurity concerns top of mind in the first few weeks of the change. But now that we’ve all had some time to settle into the new way of working and living, take time to get this right. A few precautions now could protect your company and employees from big problems later.