How to Protect Yourself, Your Employees and Your Clients/Customers From New Cybersecurity Risks as More Employees Work From Home

Data breaches are costly, not only in terms of potential out-of-pocket costs for employers, but also in terms of the potential damage to their reputations and brands. IBM’s Cost of a Data Breach Report, released in 2020, estimated the average global cost of a data breach at about $3.86M. When consumers’ personally protected information (PII) is involved, the costs can be even more.

As hundreds of thousands of employees left corporate offices to follow stay-at-home or shelter-in-place orders due to the coronavirus pandemic, employers already challenged to ensure data protection for sensitive employee, customer and client data are faced with even more risks.

Employers aren’t the only ones with security concerns—employees feel the heat as well.

According to research by Nulab, a global software creation company, based on input from 1000 full-time employees, about one third believe that cybersecurity is a moderate to major problem for their employers. They point to the top cybersecurity issues as phishing (29%), malware or virus (26%), hacking (15%), compromised email or social media accounts (14%) and data breaches (13%). Their concerns are not only for their employers, but for themselves (34%), their customer (18%) and their clients (16%).

To address these concerns ongoing communication and education are critical.

Ongoing Communication and Education

It’s not enough to provide training once, or even on an annual basis, to employees in the hopes that this will be sufficient to minimize risk. Communication and education must be ongoing and episodic to ensure employees understand both the risks and their own roles in helping to protect company data.

Some key points to emphasize with employees regularly include:

  • Establish a complex password that contains a combination of upper- and lower-case letters, numbers and symbols—change passwords frequently.
  • Use completely different passwords across various systems and accounts.
  • Store passwords in a secure environment and never share with others.
  • Never access public networks with work equipment (this is a good safety practice for employees to follow with their own equipment as well).
  • Beware of phishing attacks! Never click on a link or open an attachment coming from an unfamiliar email address. In addition, since the cyber-crooks are increasingly savvy and often change just minor elements of an address make sure to check and double-check even emails from seemingly trusted sources.

Get your HR and/or training and development team involved in this process. Data security is not just an IT issue; data security is everybody’s concern—the more parts of your organization that are collaborators in the process, the stronger your protections and processes will be.

Beachgoer, A Case in Point

Beachgoer is an AI-assisted eCommerce startup that leverages big data to make profitable purchase decisions. Founder, Finn Cardiff, says the company was started “with the vision of offering beach products, outdoor products and toys all in one place.”

Even before the pandemic, the company had tapped into its HR team to help with cybersecurity awareness training, says Cardiff. “During this quarantine period when most of us are on remote work status, we’ve reinforced this by having them send weekly email reminders on remote-work security policies,” he says. Some of the key elements in the company’s cybersecurity policy manual include:

  • Email encryption
  • Access to work apps from an external network
  • Creating and safeguarding passwords
  • Social media use
  • File sharing
  • Third-party inquiries management

In addition, Cardiff says: “We have random checks to identify if our staff have complied with our multi-factor authentication requirements. This helps them to be compliant. If employees notice anything suspicious, we require them to report the incident right away to our IT department.” Employee vigilance is key, he says.

In addition to training and ongoing communication, here are some additional steps that employers should take to minimize cybersecurity risk.

Provide Protected Equipment

Even though the vast majority of employees these days have access to their own personal computers, laptops or tablet devices, a best practice for employers is to provide employees with company-owned devices. These devices should come backed up with virus scanners and software and provide the ability to conduct maintenance remotely to ensure virus software is up to date and to scan the devices regularly to detect any potential risks.

Beyond simply providing employees with the equipment needed to work from home, businesses should also take steps to ensure that employees understand—and abide by—requirements that this equipment is used only by them and not by other members of the family.

Limit Access to Only Those With Real Need

Just as when dealing with data access in the typical employment environment where employees are located on-site, employers should continue to limit access to data based on employees’ roles and legitimate business needs. COVID-19 doesn’t change that. Role-based access controls can be used to ensure that employees are only able to see the portion of the company’s overall data that is specific to their jobs.

Require VPN Access and Two-Factor Authentication

A virtual private network (VPN) requires encrypted access. That’s one step, or factor, in helping to protect company systems from potential hackers. Two-factor authentication adds another layer—requiring a second step to gain access like sending an access code via text to an employees’ work-issued cellphone or corporate email account. That means that, even if an employee’s login and password information is compromised, those who have this information will not be able to gain access to company systems.  

Be Even More Hypervigilant About Password Requirements and Updates

Implement or update password policies and requirements to ensure that employees are using unique, long, and complex passwords for each system they will access. A password manager can help with this by generating these unique and complex passwords and requiring employees to change them regularly.

Company data is at risk—on-site and, even more so, through employee access to company data and information from remote locations. The bad guys know this and will quickly find and leverage any security vulnerabilities they may find. The best defense for employers of all types and sizes is a good offense—one that goes beyond strong technology protections to incorporate the potential user missteps that can often leave data and systems vulnerable. Despite even the best efforts, unfortunately, risks may still exist. Companies should make sure that their business insurance covers third-party cybersecurity risk (to include protection of customer and client data) and that this coverage extends to the many employees who are now, and for the foreseeable future, working from home.

Latest

Social Media Influencers: Are They Boosting or Sabotaging Your Business?

In today's digital age, leveraging social media influencers has...

The Longevity of Small Businesses: The Secrets to Success

In the bustling tapestry of commerce, small businesses stand...

Faith in Business: Embracing Beliefs and Defying Cancel Culture

In today's dynamic business landscape, companies are finding innovative...

The Sweet Success of Hot Cakes: A Tasty Tale of Origin & Triumph

In the world of idioms, one phrase that has...
spot_img

Don't miss

Social Media Influencers: Are They Boosting or Sabotaging Your Business?

In today's digital age, leveraging social media influencers has...

The Longevity of Small Businesses: The Secrets to Success

In the bustling tapestry of commerce, small businesses stand...

Faith in Business: Embracing Beliefs and Defying Cancel Culture

In today's dynamic business landscape, companies are finding innovative...

The Sweet Success of Hot Cakes: A Tasty Tale of Origin & Triumph

In the world of idioms, one phrase that has...

Small Business Funding: Understanding Rejections and Securing Approval

In the dynamic landscape of small business endeavors, securing...
Sam Meenasian
Sam Meenasian
Sam Meenasian is the Operations Director of USA Business Insurance

Social Media Influencers: Are They Boosting or Sabotaging Your Business?

In today's digital age, leveraging social media influencers has become a prevalent strategy for businesses seeking to enhance their online presence. However, like any...

The Longevity of Small Businesses: The Secrets to Success

In the bustling tapestry of commerce, small businesses stand as resilient monuments, often overshadowed by their larger counterparts. Yet, their endurance throughout history has...

Faith in Business: Embracing Beliefs and Defying Cancel Culture

In today's dynamic business landscape, companies are finding innovative ways to stand out and connect with consumers on a deeper level. One intriguing approach...