Since remote working became the norm at the start of the coronavirus pandemic, cyberattacks have increased fivefold.
Unfortunately, most businesses transitioning to a remote working environment are unprepared with lax security measures and little cybersecurity training. A recent survey showed that only about 33 percent of companies have written cybersecurity policies, and only 27 percent require staff to attend cybersecurity training.
This is where an L&D professional can help. By educating employees about cybersecurity, companies can drastically reduce risk, as most security breaches occur through employee accounts.
Here are some of the top cybersecurity safety measures your team should abide by to reduce the risk of security breaches:
Only use approved company software
As more companies become remote, businesses are relying heavily on various software to help improve processes. Unfortunately, not all technology is safe, and using an app with weak security could result in a security breach.
For example, a company’s standard video conferencing software might be Zoom. However, if an employee is having trouble with Zoom’s technology, it might be tempting to switch to a different video conferencing app.
If the app has weak security, it could make the company vulnerable to various attacks, including meeting bombing (the attacker secretly listens to your meeting), malicious chat links (the attacker steals credentials), or even malware and zero-day attacks.
Avoid unsecured networks
In addition to using only approved company software, it’s important that employees only use secure websites and networks. Unfortunately, roughly 60 percent of people mistakenly believe that their information is safe on public wifi.
Public spaces with free wifi, such as hotels, coffee shops, and libraries, usually have unsecured networks and should not be used for work.
If an employee is using an unsecured network, it’s not very difficult for hackers to access sensitive information and steal data. For example, most hackers use so-called “Man-in-the-Middle” attacks. They enter your browsing session through a security flaw in the network and steal sensitive information.
Some cybercriminals create their own rogue hotspots in public spaces to lure users into them. If you connect to a rogue hotspot, the hacker can easily access your personal information.
However, public wifi isn’t the only unsecured network. Employees working from home should also check that their home networks are secured. If the router uses WPA2 to protect the wifi, it is secure. Most new routers come with WPA2 enabled; if yours does not, check that it is not using WPA or, worse, WEP.
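The check described above, as an added example that is not part of the original article: it rates each wifi network by the weakest protection it accepts, and goes slightly beyond the text by also handling open, mixed WPA/WPA2, and WPA3 networks. It assumes the terse `SSID:SECURITY` output of `nmcli -t -f SSID,SECURITY device wifi list` on Linux; the function names and the sample scan are constructed for illustration.

```python
# Added example: classify Wi-Fi networks by the protection they advertise.
# Assumed input: `nmcli -t -f SSID,SECURITY device wifi list`
# (terse mode, "SSID:SECURITY", colons inside an SSID escaped as "\:").

# Constructed sample scan output, not captured from a real network.
SAMPLE_SCAN = r"""HomeRouter:WPA2
CoffeeShop_Free:
OldPrinterAP:WEP
Legacy\:Net:WPA1
MixedMode:WPA1 WPA2
Office:WPA2 802.1X
NewMesh:WPA3
"""

# Ordered weakest first: a network is rated by the weakest protocol it accepts,
# so a mixed "WPA1 WPA2" network is rated as WPA.
RATINGS = [("WEP", "weak: WEP"), ("WPA1", "weak: WPA"),
           ("WPA2", "ok"), ("WPA3", "ok")]


def classify(security_field):
    """Rate one SECURITY value from the scan."""
    tokens = security_field.split()
    if not tokens or tokens == ["--"]:
        return "open: no encryption"
    for proto, rating in RATINGS:
        if proto in tokens:
            return rating
    return "unknown"


def parse_scan(text):
    """Return {ssid: rating} for every line of terse scan output."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # SECURITY never contains a colon, so split on the last one.
        ssid, _, security = line.rpartition(":")
        ssid = ssid.replace("\\:", ":").replace("\\\\", "\\")
        results[ssid] = classify(security)
    return results


def networks_to_avoid(text):
    """SSIDs that should not be used for work, sorted by name."""
    return sorted(s for s, r in parse_scan(text).items() if r != "ok")


if __name__ == "__main__":
    for ssid, rating in parse_scan(SAMPLE_SCAN).items():
        print(f"{ssid:<18} {rating}")
```
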
Avoid unsecured websites
Similar to unsecured networks, unsecured websites are also a common cybersecurity threat. While most of these websites are not malicious, they do not encrypt the traffic between your browser and the site. This makes it easy for hackers to steal any information entered into that particular website (passwords, codes, credit cards, etc.).
Employees should learn to look for the padlock sign next to the URL of any website they are visiting. Secure websites also have a URL that begins with https:// rather than http://. Check for these signs before handing over any sensitive information.
Google has also made strides to protect users by ranking unsecured websites lower than secured websites. It’s proving to be successful with 51 percent of websites now using HTTPS, but it’s important that employees still understand the difference between a secure and unsecured website.
Avoid sharing passwords
One of the most basic cybersecurity measures a company can take is to encourage employees to avoid sharing passwords.
While sharing passwords is a well-known cybersecurity risk, many employees who are in a rush to help contractors, freelancers, or other non-employees often choose to give out their own password.
Unfortunately, 80 percent of hacking-related breaches are tied to passwords. Even worse, most companies don't realize they've been subjected to a data breach until it's too late.
Even if the person an employee gives the password to has no malicious intentions, sending passwords or codes over the internet is dangerous, as they can easily be intercepted.
Consider using a password vault such as KeePass to send passwords securely. Never allow employees to email passwords unencrypted (even if it is a password dedicated to a new user). If you choose not to use a password vault, at least have a protocol to give passwords verbally.
Establish a security concern protocol
Cybersecurity attacks are not a question of if, but rather of when. In 2018, about 62 percent of businesses experienced either phishing or social engineering attacks. With the coronavirus, that number is expected to rise even more.
Establish a security concern protocol that encourages employees to reach out immediately if they suspect their account has been hacked. The protocol should include who employees should reach out to, how management will alert the rest of the employees, and how to form a plan of action.
By creating an efficient protocol, the business will be able to catch the problem faster and minimize damage.
Ninety-five percent of cybersecurity breaches are due to human error. The good news is that by educating employees, you can drastically reduce the number of cyberattacks your business experiences.
Most attackers are looking for the easiest businesses to prey on, so even if you make your cybersecurity a little bit tighter than other businesses, you’re off to a great start.