Against the backdrop of Coronavirus, both employers and employees need to protect themselves as well as confidential company information. Here are some things to keep in mind to minimize the risk.
While the world is focused on the systemic threat posed by COVID-19, cybercriminals around the world undoubtedly are poised to capitalize on the crisis. More employees are working remotely by the day, and companies may eventually have to function with little or no personnel on-site or skeleton crews in important support functions.
Against this backdrop, both employers and employees need to protect themselves as well as confidential company information. Here are some things to keep in mind to minimize the risk:
Be vigilant: Cybercriminals love a crisis. Beware phishing emails designed to entice you to unwittingly download malware onto your device and the company’s systems. Enable multifactor authentication on whatever accounts you control, and be sure it’s in use for Office 365 email accounts. That step will thwart all but the most sophisticated actors. If you’re suspicious about the validity of an internal company email, contact the sender.
Practice good cyberhygiene: Make sure your devices — including your internet router — are up to date on their anti-virus protection and that you’re using secure and known connections. Avoid the temptation of using Bluetooth in a public place: It’s an easy way for hackers to connect to your device. Follow company guidelines on internet use and use of your own device.
Use only secure Wi-Fi: Only work on secure, password-protected internet connections. If you have to use public Wi-Fi, verify with the owner that the network you’re connecting to is legitimate and secured through a password. Avoid accessing any confidential or sensitive information from a public Wi-Fi network. Hackers will try to trick you by mimicking the name of a secure network, so verify that the one you’re joining is legitimate.
Report lost or stolen devices immediately: Remote work increases the potential for the loss or theft of your devices. Be sure to report any lost or stolen device immediately to company information security personnel to minimize the risk of fraud.
Set up remote access now: If you have personnel who need remote access, get it assigned before an office closure. It is more difficult to issue multifactor authentication tokens to off-site employees who are working remotely for the first time and to install similar technology without physical access.
Confidential information is still confidential: Remind employees to use the same care or more with confidential information as they would if they were in the office. Personal email and laptops should not be used for any company business. If the printed document would be subject to shredding in the office environment, shred it at home.
Update your emergency contacts: Be sure your company has an “out of band” way to contact all employees — whether a cellphone number or other way to contact the employee outside of company systems. For key personnel or senior management, set up a group on a secure texting application such as Signal for use if the systems are down.
Remote access is only as strong as its weakest link. With a strong combination of technology and employee know-how and training, it can be done safely and smartly.
Copyright 2020 Harvard Business School Publishing Corp. Distributed by The New York Times Syndicate.