In March 2020, the World Health Organization declared the coronavirus that causes COVID-19 a pandemic. A move that increased the number of employees working from home – also after the pandemic. But, when millions of workers are signing in remotely to corporate networks, there is also another threat: Cyberattacks.
While employees in this new remote work situation will be trying to stay connected with colleagues using chat applications, shared documents, and through conference calls instead of physical meetings, many are probably not vigilant enough of the risk of cyberattacks.
Out of control?
At the same time as more people are working from home or remotely, the Hidden Statistic report 2020 was recently released and it presents some alarming results.
The report shows that 59 percent of the Norwegian companies that have been victimised of cyberattacks in 2019 identified the incident by chance and not because of well-established routines, policies and security frameworks. This is even though seven out of ten organisations say that they have a framework or management system for information security.
“These results points out that security is a topic that everyone in an organisation must take part in, and continuously must be on the top management agenda”, says Head of Security in Admincontrol, Ole Martin Refvik
Must follow the company´s guidelines
Refvik stresses the importance of being careful specially now when more and more people are working from home or remotely.
“It is crucial to follow the company´s security guidelines when working out of the office. By taking certain precautions, you can reduce the chance of your company suffering a data breach or becoming a victim of a cyberattack. This is especially important to remember these days”, Ole Martin says.
Here are Ole Martin Refvik´s tips and tricks on how to avoid cyberattacks when working from home or remotely:
Since you are now likely to work outside of your company office, you must ensure that you have a secure connection. The best method is to use a VPN (Virtual Private Network) service that protects the traffic from your computer to your corporate services. Most likely your company provide such a service, so if you don´t have this make sure you get it.
Use your company devices for work-related tasks
Your work devices are usually equipped with additional security solutions and integrated protection that are quality-assured by your IT department. This way your IT department can ensure that the device is updated and protected against the most typical cyber threats. That’s why you should use the device your company has provided to perform your work-related tasks.
Use cloud services approved by your company
Cloud services are a great way of sharing sensitive documents, performing online meetings and virtual collaboration. Since you now need to connect with your colleagues and business partners from a remote location, this is exactly what you need. But keep in mind that the security level of such services can be very different based on the services they provide. Enterprise cloud solutions have much greater security than free solutions. Therefore, always check with your company which cloud services are ok to use according to the security level of your organization.
Don´t let others use your work device
As your work device is recommended for work purposes, you should not use it for private stuff. Don´t mix private and work as this might expose your company device and information to greater risk. Moreover, you do not want private information to end up in your company backup’s, as your device most likely is backed up or monitored in some way. It could be a threat to your personal privacy if you use it for private matters.
Don´t be tricked by Phishing attacks
Cybercriminals take advantage of the current situation and there have been reports of phishing attacks by cybercriminals pretending to provide information about COVID-19 as a way of luring you to click on links leading to malicious websites. Be attentive and follow only advice from government entities and other trusted parties where you can verify the identity.
Read more about what phishing attacks are and how to avoid them in blog post: How to watch out for phishing emails
Don’t share sensitive information by email
Make sure you don’t get tempted to send out sensitive information by email when you are working from home. This is not smart because emails are not encrypted but transmitted in clear form. It is easy to lose track of email and you are likely to use lots of time looking for the information. Sending an email to the wrong recipient is a “crime” most of us are guilty of from time to time.
Secure Collaboration with Admincontrol
Since you might need to connect with your colleagues and business partners from a remote location the next few weeks, it is important to install safe collaboration tools. Admincontrol offers two different solutions, Board Portal and Data Room, where you can collaborate and share documents securely. Both products also have a built in Secure Messaging module which provides a dedicated channel specifically designed for sharing, discussion and interaction concerning sensitive documents and business critical information.
At Admincontrol we have recently been looking at these issues in depth and have produced a handbook for boards on how to mange the impact of hybrid working on cybersecurity.