New work routines require constant connectivity, turning employees and their connections into the links of the company’s cybersecurity chain should be protected the most. Today, many employees connect to public wifi or unsecured networks to check their corporate inboxes or access their corporate files without maxing out their data plans.
These practices, without adopting adequate measures to prevent anyone from eavesdropping on their wifi interactions, can compromise an organization’s information. Accessing unencrypted or insecure wifi networks could allow a cybercriminal, for example, to intercept and edit text files and e-mail messages, obtain contact details belonging to other co-workers, access confidential information, or infect communication devices with malware.
The risk of working using personal devices
In response to this need for hyperconnectivity, or the lack of IT equipment in rushed implementations of remote work arrangement, many companies have adopted the so-called “Bring your own device” (BYOD) policies. These policies allow employees to use their own personal devices for professional purposes. However, these devices may not always be prepared with the adequate security measures. Thus, the corporate information stored in them could be exposed. Also, in the case of telework, employees work using their own domestic wifi networks, many times without worrying about its security levels.
Haste, a bad counselor for security
The sheer volume of email messages employees send and receive every day, plus the little time they may have to properly manage them, can sometimes make it hard for them to stop and think whether they are reliable or fraudulent. Aware of this reality, hackers sometime try to deceive their potential victims by masquerading as a trusted individual or organization.
In these cases, the messages that cybercriminals use to dupe their targets into trusting them may come from their alleged spouse/partner, co-workers, bank or telephone company . The goal? Prompting the victim to perform an action that may compromise the organization’s security by surrendering private information, such as a password or banking information, or infecting the device. This type of attacks can be carried out via email (the so-called phishing), or by telephone (vishing). On other occasions, the victim receives text messages with malicious links or urging them to download some false apps to breach their smartphone.
Turning employees into the strongest link
Fortunately, these habits that, on the one hand, yield substantial benefits for employees and businesses, but, on the other increase the risk of compromising corporate information, can be curtailed adopting a series of safe habits. Below are some of the most effective tips to prevent this new risk scenario:
- Avoid connecting to public wifi networks when handling confidential information.
- If possible, work using corporate devices. Secure your personal devices using an antivirus, and keep it up to date at all times, alongside your operating system and applications.
- Change the name and password of your domestic wifi network. Here we explain how you can do it.
- Analyze all the messages you receive to detect potential phishing or smishing attacks:
- Make sure that all messages you receive are sent from legitimate addresses or telephone numbers.. When not sure, contact the original sender using an alternative method.
- Be wary of messages or links redirecting to login pages or sign up forms, as these may lead to fraudulent websites. Instead, use a leading search engine to look for the original login pages or forms.
- Never share your passwords or allow other users to remotely access your personal devices.
Adopting new cybersafe habits will allow you to enjoy the benefits of new work routines, while preserving your organization’s security levels.
And remember, when it comes to corporate information, you are also the best defense!
If you want to find out the best ways to protect yourself online during the COVID-19 crisis, read the following articles: