Contact Us Today!   314.394.3001   |   info@andersontech.com
Anderson Technologies
  • Home
  • Services
    • Overview
    • Managed IT Services
    • Cyber Security
    • System Administration
    • HIPAA Compliance Services
    • Ransomware Protection
    • Hardware & Software Consulting
    • Cloud Computing Services
    • Web Design
    • Anderson Archival
  • Industries
    • IT Support for Accountants
    • IT Support for Dental Offices
    • IT Support for Financial Services
    • IT Support for Architects and Engineers
    • IT Support for Manufacturing
    • IT Support for Nonprofits
  • Learn
    • What Are the Biggest Mobile Security Threats of 2020?
    • What Are Mobile Security Best Practices?
    • Battle of the Brands: Microsoft’s Office 365 vs. Google’s Workspace
    • What Does a Firewall Do for a Network?
    • How to Maintain Security When Employees Work Remotely
    • How to Protect Your Data from Ransomware
    • Comparing Mobile OS
    • What Is Phishing?
    • How to Identify Phishing and BEC Scam Emails
    • What Is MFA And Why Do I Need It?
    • How to Reduce Risk and Secure Your Internet of Things Devices
  • Training
  • Resources
    • Free Ebooks
    • Webinar: Cyber Security at Home: Protecting Your Business & Family
    • Newsletter Sign Up
  • About
    • About Us
    • What Our Clients Have To Say
    • Careers
  • Press
  • Blog
  • Contact
    • Contact Us
    • Free Consultation
    • HIPAA Services Inquiry
  • Help
  • Menu Menu

Don’t Take the Bait: Securing a Remote Workforce

June 26, 2020/in Data Security, How To /by Marcia Spicer

With the increase in employees working from home, a comprehensive cyber security plan is imperative now more than ever. Remote access to your business’s network, especially from personal computers and devices, is a weak link in your cyber defenses. This makes the need for comprehensive employee training essential to your cyber security plan. One successful phishing attack combined with remote access can provide bad actors a direct path from your employee’s computer to your business.

Work from Home Safely

For many businesses that suddenly gained a remote workforce, employees are the first line of defense against cyber attacks. Employee education for phishing attacks and basic cyber security measures are essential tools in your business’s defense against a network breach.

Phishing in the Time of COVID-19

While cyber security education has improved employees’ ability to spot phishing attempts, the COVID-19 pandemic opened new avenues for bad actors to exploit in their phishing attacks. The tactics aren’t new. Bad actors continue to trick the distracted or unsuspecting into clicking a link or downloading an attachment, and they continue to target specific individuals for business email compromise (BEC) schemes.

What has changed are the lures used trick the recipient into action. Bad actors have shifted their message to capitalize on the uncertainty around the novel coronavirus. Emails spoofing health organizations such as the WHO and the CDC contain links or attachments that claim to contain information about the coronavirus pandemic. An employee who may know not to click on a random link sent to them in an email, even from a known contact, might not be so careful against a link purporting to inform them about updated COVID-19 news.

Train your employees to be skeptical of all emails or messages related to the COVID-19 pandemic. Most major organizations are not going to be directly emailing individuals. If an email claims to be from an official source, do not click the link, but rather go directly to the organization’s website. Any updated information or legitimate news will be posted there.

Put into place policies and procedures to protect against BEC schemes. Bad actors have tailored their messages to take advantage of the isolation of the remote workforce. BEC attacks rely on the recipient not verifying a request for funds or access with the person or company being impersonated, thus failing to discover that the transaction is illegitimate. Their new tactic to ensure this is to include a note that the requester can’t be contacted due to COVID-19 quarantine, or not to tell anyone so their stated COVID-19-positive status is not known publicly.

Every business should have policies that require all changes to account numbers or unplanned transactions to be verbally verified through known channels (not the email’s contact information) before being enacted. This simple policy reduces the chance of successful BEC attacks from happening in your company.

Bring Your Own Devices

Many businesses don’t have the capital to buy new hardware for their newly-remote workforce. This results in what is referred to as BYOD or Bring Your Own Device. With BYOD, employees use their personal computers or mobile devices to access company data, whether through VPN, web portal, remote desktop application, or software-specific application. This is a cost-efficient option for those working from home, but it comes with risks and can be difficult to secure if you’re not a trained IT professional.

No home network is going to be as secure as a properly set up office network with an enterprise-grade hardware firewall, but there are measures that your employees can take to strengthen their home defenses. Make it policy to ask these basic security questions before allowing employees to work from their personal computers:

  • Do they have a router with WPA2 or higher password protection enabled?
  • If they live with others, do they have their own password-protected profile on the computer?
  • Are all passwords unique and meet your company’s password policy requirements?
  • Can they work in a place where others cannot see company data?
  • Can they limit browser extensions or use a separate browser for work to avoid data leakage?
  • Is their computer operating system and anti-malware/virus software up to date?
  • Have they been trained to identify problems with their computer systems that may indicate infection?
  • Do they know who to call if they suspect their computer may be compromised while connected to your business network?
  • Have they been trained on all work-from-home policies and procedures?
  • Have they been trained in cyber security best practices, including how to spot phishing attempts and suspicious websites?

The computers may belong to your employees, but the data they’re accessing is your business. Make sure to reduce the risk of remote access as much as possible.

Training Is Key

The best defense against compromise is a comprehensive, on-going training plan for all employees. They can’t spot phishing if they don’t know how to identify it nor use strong passwords if they don’t know what’s secure. When employees work from home on less secure networks, it is even more important to ensure they are informed and prepared for any cyber security challenges that may arise. Annual training with cyber security professionals can keep you and your employees up to date on the trends in security threats and how to defend against them. Don’t wait until it’s too late to give your employees the information they need to protect your business.

Cybersecurity-eBook

Our FREE guide for employees details best practices in cyber security!

A remote workforce is a weak link in your cyber defenses, but that doesn’t mean you can’t set it up as securely as possible. Verify security measures and provide the necessary training and policies to keep your employees and your business safe.

If you need cyber security training for your remote workforce, contact Anderson Technologies. We can be reached at 314-394-3001 or info@andersontech.com.

Contact Us

Tags: phishing, work from home
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
You might also like
Learn: How to Identify Phishing and BEC Emails
Consider offering employees a hybrid solution to their work from home choices Work From Home – Who’s Flipping to Hybrid?
Quotables: COVID-19 Have You Working at Home? Check Your Cyber Security! (Ms. Career Girl)
Byte-Size Tech: Employee Training Can Make Or Break Your Cybersecurity
Pink phishing lure Are You Ready to Go Phishing?
Are you working from home with a VPN connection? Byte-Size Tech: Working from Home with a VPN?

Newsletter Signup



Recent Posts

  • Sharing the Work Load: The Case for Co-Managed IT Services
  • Byte-Size Tech: What Is Co-Managed IT?
  • Byte-Size Tech: Essential Tips for Safer Online Shopping
  • Save Yourself A Call: 5 Common Helpdesk Issues and How to Fix Them
  • Byte-Size Tech: 3 Tips for Troubleshooting Before Calling IT

Seeking IT support and managed services?
Get a free consultation today.

Contact Us

  • Home
  • Services
  • Resources
  • About
  • Blog
  • Contact
  • Help
  • Privacy Policy
ATI Logo
Phone: 314.394.3001
Email: info@andersontech.com

13523 Barrett Parkway Dr
Suite 120
St. Louis, MO 63021



© - Anderson Technologies
  • Home
  • Services
  • Resources
  • About
  • Blog
  • Contact
  • Help
  • Privacy Policy
Quotables: Serious IT Considerations for a Post-COVID-19 World (HR Daily Ad... Everyday Complications, and an All-Hands-on-Deck Upgrade
Scroll to top
We use cookies to understand how you use our site. Click Accept to confirm your approval of this, or learn more in our Privacy Policy. Accept Privacy Policy
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

SAVE & ACCEPT