With the increase in employees working from home, a comprehensive cyber security plan is imperative now more than ever. Remote access to your business’s network, especially from personal computers and devices, is a weak link in your cyber defenses. This makes the need for comprehensive employee training essential to your cyber security plan. One successful phishing attack combined with remote access can provide bad actors a direct path from your employee’s computer to your business.
Work from Home Safely
For many businesses that suddenly gained a remote workforce, employees are the first line of defense against cyber attacks. Employee education for phishing attacks and basic cyber security measures are essential tools in your business’s defense against a network breach.
Phishing in the Time of COVID-19
While cyber security education has improved employees’ ability to spot phishing attempts, the COVID-19 pandemic opened new avenues for bad actors to exploit in their phishing attacks. The tactics aren’t new. Bad actors continue to trick the distracted or unsuspecting into clicking a link or downloading an attachment, and they continue to target specific individuals for business email compromise (BEC) schemes.
What has changed are the lures used trick the recipient into action. Bad actors have shifted their message to capitalize on the uncertainty around the novel coronavirus. Emails spoofing health organizations such as the WHO and the CDC contain links or attachments that claim to contain information about the coronavirus pandemic. An employee who may know not to click on a random link sent to them in an email, even from a known contact, might not be so careful against a link purporting to inform them about updated COVID-19 news.
Train your employees to be skeptical of all emails or messages related to the COVID-19 pandemic. Most major organizations are not going to be directly emailing individuals. If an email claims to be from an official source, do not click the link, but rather go directly to the organization’s website. Any updated information or legitimate news will be posted there.
Put into place policies and procedures to protect against BEC schemes. Bad actors have tailored their messages to take advantage of the isolation of the remote workforce. BEC attacks rely on the recipient not verifying a request for funds or access with the person or company being impersonated, thus failing to discover that the transaction is illegitimate. Their new tactic to ensure this is to include a note that the requester can’t be contacted due to COVID-19 quarantine, or not to tell anyone so their stated COVID-19-positive status is not known publicly.
Every business should have policies that require all changes to account numbers or unplanned transactions to be verbally verified through known channels (not the email’s contact information) before being enacted. This simple policy reduces the chance of successful BEC attacks from happening in your company.
Bring Your Own Devices
Many businesses don’t have the capital to buy new hardware for their newly-remote workforce. This results in what is referred to as BYOD or Bring Your Own Device. With BYOD, employees use their personal computers or mobile devices to access company data, whether through VPN, web portal, remote desktop application, or software-specific application. This is a cost-efficient option for those working from home, but it comes with risks and can be difficult to secure if you’re not a trained IT professional.
No home network is going to be as secure as a properly set up office network with an enterprise-grade hardware firewall, but there are measures that your employees can take to strengthen their home defenses. Make it policy to ask these basic security questions before allowing employees to work from their personal computers:
Do they have a router with WPA2 or higher password protection enabled?
If they live with others, do they have their own password-protected profile on the computer?
Are all passwords unique and meet your company’s password policy requirements?
Can they work in a place where others cannot see company data?
Can they limit browser extensions or use a separate browser for work to avoid data leakage?
Is their computer operating system and anti-malware/virus software up to date?
Have they been trained to identify problems with their computer systems that may indicate infection?
Do they know who to call if they suspect their computer may be compromised while connected to your business network?
Have they been trained on all work-from-home policies and procedures?
Have they been trained in cyber security best practices, including how to spot phishing attempts and suspicious websites?
The computers may belong to your employees, but the data they’re accessing is your business. Make sure to reduce the risk of remote access as much as possible.
Training Is Key
The best defense against compromise is a comprehensive, on-going training plan for all employees. They can’t spot phishing if they don’t know how to identify it nor use strong passwords if they don’t know what’s secure. When employees work from home on less secure networks, it is even more important to ensure they are informed and prepared for any cyber security challenges that may arise. Annual training with cyber security professionals can keep you and your employees up to date on the trends in security threats and how to defend against them. Don’t wait until it’s too late to give your employees the information they need to protect your business.
Our FREE guide for employees details best practices in cyber security!
A remote workforce is a weak link in your cyber defenses, but that doesn’t mean you can’t set it up as securely as possible. Verify security measures and provide the necessary training and policies to keep your employees and your business safe.
If you need cyber security training for your remote workforce, contact Anderson Technologies. We can be reached at 314-394-3001 or info@andersontech.com.
We use cookies to understand how you use our site. Click Accept to confirm your approval of this, or learn more in our Privacy Policy. RejectPrivacy Policy
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
In 2022, Hadley and her husband Corbitt decided to return to St. Louis to join the family business. As part of the second generation, Hadley brought fresh perspectives from her time at AT&T and was drawn to helping the company grow the right way by implementing scalable systems and processes, while maintaining the core value-centric culture.
As a Project Manager, Hadley facilitated technical projects and the development of interdepartmental playbooks while gaining a deep understanding of the inner workings of the business operations. Now, as the Project Management Lead, Hadley is known for her driven, process-oriented leadership and her dedication to finding solutions for every challenge no matter how daunting it may first seem.
Born in Yokohama, Japan, and raised in Malaysia and St. Louis, Corbitt developed a unique global perspective. He graduated from Randolph-Macon College with a degree in Political Science and Spanish where he was a member of the men’s basketball team.
Before joining Anderson Technologies, Corbitt built a successful career at AT&T which initially started in the B2B Sales Development Program – a highly-competitive sales training where he was stack-ranked against his 100+ peers based on quota attainment to determine where in the company one was placed. In Chicago, as part of the National Fiber Organization, he became a top-performing sales professional, selling AT&T’s fiber, networking, and cybersecurity services and learning the value of relationship building, perseverance, and grit. Later, as a Senior Sales Solutions Engineer at AT&T headquarters in Dallas, he refined his technical expertise, leadership skills, and consulting abilities.
Currently pursuing his MBA at Washington University in St. Louis, Corbitt blends strategic thinking, technical knowledge, and a client-first approach to help Anderson Technologies continue serving companies and organizations across the country.
