Having a strong employee benefits package can set your company apart from other employers who are recruiting high-quality candidates at a time where job vacancies are high and good prospects are highl...
Working from home presents a whole new host of unique information security risks. Although being at home can tend to make people more lax about important information security habits, this is actually a time when we will need to be even more vigilant than usual, as cyber criminals look to take advantage of vulnerabilities.
What can you do to help protect your company, employees, and clients from exposures? In this blog post, we’ll discuss important information security tips and reminders to aid business leaders in ensuring that their sensitive data stays safe and protected.
Think before you click
Be aware that the COVID-19 pandemic presents a prime opportunity for cyber criminals. Criminals continue to take advantage of those seeking information on coronavirus, as they leverage malware campaigns that imitate reputable sources like the Centers for Disease Control (CDC), the World Health Organization (WHO), or your local public health service. The impersonators will ask your employees to click on links or download materials such as outbreak maps, so it is important to remind your remote workers to think before they act. Consider sending out a companywide communication alerting employees about the importance of going straight to the source for information and updates by visiting only reputable websites. If you or any of your employees think they may be the subject of a phishing attempt to obtain sensitive information, be sure to have them alert your security team at once.
Related Reading: Beware COVID-19-Related Scams
Keep web conferencing secure
As working from home has become more prevalent, many organizations and employees have turned to web conferencing and virtual meetings for collaboration and communication. Although web conferencing has proven to be a valuable tool during this time, there are many security issues that can stem from the platforms that host them. Fortunately, there are important steps your organization can take that will help to reduce risks associated with web conferencing. As you and your team members work from home, please keep these tips in mind:
Only use company-approved web conferencing programs
Avoid continued reuse of access codes for meetings, as it will likely become difficult to remember all the people who have received the code over time
If you will plan to discuss sensitive information in the meeting, consider using one-time meeting PINs or multi-factor authentication for meeting entry
Ensure meetings can only begin once the meeting host has arrived
Enable sound notifications for when new attendees enter a meeting, and if this feature is unavailable, ask attendees to announce themselves as they join a meeting
Monitor all attendees listed in the meeting dashboard, and if any members are unidentifiable (e.g., phone number listed instead of name), make sure to identify them
Only record virtual meetings when necessary, and delete the record when it is no longer needed
For web meetings that utilize communication tools, disable any features you will not need (e.g., file sharing, screen sharing, video, etc.), use PINs to help prevent “meeting crashers,” and limit who is able to screen share, making sure to remind them not to unintentionally share screens with sensitive information
Only use company-approved devices, software, and cloud services
Being at home can tempt employees to use devices for work other than those your company has approved. However, such unapproved use can lead to significant information security issues. The same is true for installing unapproved software and mobile apps, as these practices can leave company devices, and, on a larger scale, the company as a whole, open to cyber attacks.
While convenient, cloud-based services such as collaboration tools, storage and file-sharing, and analytics software may expose company information to unauthorized persons. To avoid these serious risks, make sure to remind your remote workforce to only use company-approved and vetted technology.
Get a cyber liability insurance policy for your company
All businesses face cyber risks, and while they may not be completely avoidable, creating an testing a response plan, educating your employees, and obtaining proper cyber liability insurance coverage can help protect your business from the financial and operational dangers of a cyber security breach. Ensure that you fully understand your coverage and policy limits, especially for social engineering threats like business email compromise or CEO fraud.
Jeffrey Julig is Vice President and Chief Information Security Officer (CISO) for SWBC. In this role, he leads a team of security professionals to protect SWBC’s diverse lines of business from internal and external cyber threats. Jeffrey is passionate about information security and privacy and belongs to numerous international, national, and local professional and community organizations. He has a Bachelor of Science degree in Cybersecurity from the University of Maryland University College and earned several of the information security industry’s most respected certifications, including the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Law of Data Security and Investigations (GIAC-GLEG) certifications. Jeffrey attended the Department of Defense Cybercrime Investigations Training Academy (DCITA) and is a certified digital forensics examiner.