November 30th is National Computer Security Day, a reminder for people to take ownership of their online presence and identity.
We are a device-addicted generation. Global online content consumption nearly doubled this year, since more people are working remotely and the whole family, kids and parents alike, is spending an excessive amount of time online: learning, gaming, shopping, chatting, and watching videos. This ‘always on’ connected society has created new levels of security challenges for everyone worldwide. Cybercriminals are constantly searching for weaknesses in our systems and online activities to obtain important information on our computers, including passwords, credit card numbers, and confidential work information. It is more important than ever that we perform security due diligence to protect our devices and data, to mitigate risks, and to keep ourselves and our families secure from hackers.
On this National Computer Security Day, let’s take a look at three critical factors that organizations and employees must urgently address to be more effective in protecting themselves from the ever-present cybersecurity risks.
Stay Safe from Email Phishing Attacks
As the whole world teleworks, email is the primary medium of collaboration between teams and customers, and the biggest security risk as well. A recent report by Mimecast revealed that nearly half (45%) of remote workers open emails they consider to be suspicious, while 73% use their corporate devices for personal matters, potentially exposing them to cyber-threats. Even though many organizations have educated employees on how to spot potential phishing emails, cybercriminals are always devising new ways to lure you into clicking that link.
Beyond investing in more sophisticated verification technologies, regular staff training is essential. Here are a few signs that the email you just received is probably malicious: it just feels suspicious; it makes an offer that seems too good to be true; it claims that there’s a problem with your account and that you must take urgent action; it asks you to submit personal information; and, above all, the sender’s address seems suspicious. DO NOT respond, click on the links, or open any attachments. Our mail platforms are trying to get smarter every year, but scammers and phishing emails are still getting through! Being aware of secure online practices and avoiding threats is our responsibility. FTC.org has some good tips on how to recognize and avoid phishing scams.
Extensively Evaluate & Train Employees on Telework Risks
An attacker needs only one open door in an enterprise’s security, and often people are the weakest link in the defense against cyberattacks. Employees have access to information that is private and sensitive. Beyond the IT team watching over the corporate networks, it is the employees’ responsibility to be aware and take ownership of their online security to prevent sensitive data from getting into the hands of hackers.
Cybercriminals are already taking advantage of this new distributed work environment. Companies must step up employee training and education on device, network, and information security. The National Institute of Standards and Technology (NIST) recommends that organizations develop a telework security policy that defines telework, remote access, and BYOD requirements. A telework security policy should define which forms of remote access the organization permits, which types of telework devices are permitted to use each form of remote access, and the type of access each type of teleworker is granted. It should also cover how the organization’s remote access servers are administered and how policies in those servers are updated.
As employees, it is our responsibility to adhere to existing corporate policies on secure device and data usage. We all have to work together to build a secure work culture that provides us with a strong foundation to make telework a success.
Secure Home Networks
A work-from-anywhere lifestyle will become more common in the coming months and years. We may not be going out to cafes, hotels, and airports right now, but as soon as we start traveling again, let’s not let our guard down. Be cautious about using unsecured access points and public Wi-Fi when sharing sensitive information. Hackers can also use an unsecured Wi-Fi connection to install malware or plant infected software on your computer. A compromised device can offer cybercriminals a door into your business as soon as you connect to your business network.
The security risks of connecting to public Wi-Fi are well known. However, there have been quite a few instances this year of hackers breaking into home routers and changing DNS settings. Not many know that it is surprisingly easy to hack into an unsecured home network if you have never bothered to change your weak Wi-Fi password. To begin with, setting up a strong password for your wireless router is a good step to secure your home network, and if you are still using an old router from 10 years back, it most certainly is time for an upgrade! There’s a lot of good information online about securing your home network; the comprehensive info on home network security on the cisa.org website is worth checking out. So glad that they have updated the info this year! Also, check out these useful tips at infosecinstitute on how your home network can be hacked and how to prevent it.
Work from home and online learning have risen at an exponential rate this year worldwide, increasing cybersecurity risks and emphasizing the importance of guidance, direction, and policies on security practices for the remote workforce. Since computers and mobile devices are the world’s primary means of communication, let’s put in extra effort today to ensure that our devices and data are protected from malicious attackers. Maybe now we need a Cybersecurity Training day-off-from-work, to go through a checklist to ensure that we are aware and taking the right steps to stay safe online.