In the wake of the COVID-19 crisis, much of the workforce has shifted to working remotely, with many workers operating out of makeshift “offices” they created in their homes with little or no warning. Along with this remote work comes an increased cybersecurity threat. We recently issued a client alert to raise awareness about and help companies overcome these evolving challenges. The full alert can be found here. For the sake of brevity, however, we offer some quick tips below:
1. Encourage employees not to conduct business (unless previously authorized to do so) from their personal email accounts and provide clear and simple instructions for logging into their corporate accounts from home. If you haven’t done so already, now is the time to enable two-factor or multi-factor authentication.
2. Discourage employees from saving sensitive business-related information on the hard drive of their personal computers or portable media (unless provided by the company and, where possible, encrypted) or cloud-based storage sites that have not been pre-approved.
3. Pay attention to paper! Employees should use the same caution with paper documents at home as they do at the office, especially those employees who handle confidential materials, personally identifiable information, or personal health information.
4. Employees should use caution when sending confidential materials via email. Where possible, they should use only secure file transfer programs.
5. Make sure the devices your employees are using have the latest operating system patches, firewalls, and antivirus software installed. Make sure they use caution when logging in remotely and are not conducting sensitive business on public WiFi.
6. Now would be a good time to update (or draft) your information security policies, incident response plans, and remote access policies and make sure your employees are familiar with them.
7. Phishing attacks and other scams always rise in times of crisis — make sure to warn your employees about the risks and pass along these tips for safely opening email:
- Always check the sender’s email address.
- If the address looks like an internal company email, check for an “external sender” tag if applicable.
- Make sure that the greeting in the email is not generic — e.g., “Dear Valued Customer” or “Dear Sir/Madam.”
- Hover over the hyperlink in the email to check the address of the website. Sometimes the links will not match the text.
- Poor grammar and layout are good indications of a possible phishing attempt.
- Do not open attachments included in emails until you confirm they are legitimate. A cybercriminal can use these attachments to install malware on your device.
- Never provide personal or financial information in an email or through a phishing link contained in an email.