Across the country, employees are settling into their remote work routines. Some employees are using company computers at home. Others are using their personal devices, like desktops and mobile phones, to stay connected. Working from home means more calls and more emails. As a result, employees can experience information overload.
Employers are relying on technology to keep their businesses running. Their employees are still handling key information, but this time using home or public Wi-Fi networks. This can put sensitive company data at major risk.
How can business owners keep their data safe?
On this episode of the WorkSAFE Podcast, we invite an Information Technology (IT) expert to share the basics of cybersecurity during remote work. Tim Myers is an IT Security and Operations Manager at Missouri Employers Mutual. Myers has over thirty years of experience in the IT industry in several different roles.
First, we’ll share the common cybersecurity risks companies are facing now. Then, we’ll talk about the simple mistakes employees could make without the right training – and the consequences. Finally, we’ll share the steps employers can take today to protect their data.
Listen to this episode on the WorkSAFE Podcast, or read the show notes below.
Cyberattacks: The most common risks at work and at home
Any business that handles data online could be at risk for a cyberattack. According to Myers, fear and uncertainty can make employees more likely to do something they shouldn’t.
The spread of the COVID-19 has changed the way many businesses work. Employees are spending a lot of time at home. They are isolated from friends and extended family. “Any time you move someone out of their normal habits or comfort zones, and into a place of chaos or uncertainty, they will be more vulnerable and they will be more likely to make mistakes,” Myers said.
Most want to know when they’ll return back to the office and when things might get back to normal. But for cyberattackers, also called bad actors, these worries present the perfect opportunity. “People are naturally curious about the latest information around current topics like COVID-19, and may have a tendency to click first and question second.”
Risky behavior
Bad actors use many methods to steal information. However, the door to important company data is often opened by employees. Myers shared some of the most common ways data is exposed:
- Phishing emails. These email messages look and sound official to employees. They may appear to come from a trusted news source or company executive. But they often include bad software, or encourage employees to hand over financial information.
- Using work credentials for personal accounts. An easy mistake made by employees is using their work email and password for personal accounts, like online banking or retail. A bad actor who swipes their login information now has the key to their work information.
- Simple passwords. Employees often choose passwords that are simple and easy to guess. Bad actors know this. They have lists of the most common passwords, and can quickly pair them with a login ID to gain access.
- Poor maintenance. When was the last time your browser has updated? Outdated software makes it easier for bad actors to slip into your computer system.
“It’s important to realize that a single mistake can give your credentials away, or open the door to things like malicious file encryption,” Myers said.
A critical hit: The consequences of a cyberattack
Just one cyberattack can stop your business in its tracks. Data can be lost when your computer system is attacked. It can also be encrypted, or hidden using a special code so that it can’t be accessed.
Encryption is like a locked door. “If you don’t have that key,’ Myers said, “It is very hard to get that data back.” Some bad actors demand money in exchange for returning your information. In some of the worst cases, computer systems and equipment are damaged so badly they can’t be used anymore.
Myers gave some examples of cyberattacks causing serious problems for employers. At one company a bad actor changed the bank routing information for payroll. As a result, none of the employees were paid. In another situation, an employee clicked on a phishing email. During that time, harmful data began to make its way through the company’s computer network. It wasn’t discovered until much later. As a result, it did a considerable amount of damage.
Training employees
For Myers, cyber education is one of the main defenses against data risks. Employees need to be responsible for making good decisions about the emails they receive.
Employers should practice cyber hygiene, or key steps you can take to prevent risking your data. For example, keep computers and antivirus software up-to-date. Ask employees to create strong, hard-to-guess passwords.
Educating employees is very important. Training should be fun and engaging for employees. It should also cover real-life situations they might encounter. There a variety of service providers who offer these services. Free and low-cost options are also available. A test should follow any training so you can measure your results.
“If your failure rate is greater than, say, five to seven percent of your employees, you should revisit your training approach,” Myers said. “Speak to your employees about the importance of making good decisions, and continue to train.”
4 ways to protect your business today
With many businesses making major changes to the way they work, cybersecurity may not seem like something to think about. But if you store any of your information online, then keeping your data safe is crucial. Use the following steps to help keep data secure.
- Data security staff. Have an employee focused on data security. If you don’t have anyone who can this, then seek out a local service provider.
- Require multi-factor authentication (MFA). If someone wants to connect to your company network, then you should require a few extra steps. MFA sends a code by text or email – and can stop a bad actor from guessing a bad password.
- Daily backups. Back up your business data frequently. After that, you should practice restoring it. This ensures that you have saved and can access your important data.
- Store data safely. Do you know where your important business information is stored? Keep your data safe and secure. Control who has access to it.
“Bad actors know that businesses are struggling and have many other things on their minds,” Myers pointed out. Now is a prime opportunity for bad actors to take advantage of those who might have pushed cybersecurity into the background. Take steps to make sure your data is safe today.
For more, check out our tips for supporting your employees’ mental health and other episodes of the WorkSAFE Podcast.