With the global workforce going remote to stay connected—everything is changing—including Cybersecurity threats. A fresh set of security risks is coming fast with bad actors looking for new ins with more employees working remote.
Security is a growing concern for IT teams as social distancing timelines keep team members remote and online. But even before COVID-19, 86% of business leaders had questions about keeping business data and remote workers secure. And with the crisis putting new types of pressures on organizations and team members, users are more vulnerable now than even a few weeks ago.
Approaches to securing the remote workforce are changing daily with new threats coming into focus including new COVID-19 malware. Hackers are even crashing confidential conference calls, targeting the growing number of companies using conferencing tools like Zoom.
Having the right security strategy has never been more important to your organization.
Here are a few ways to protect your organization against the latest security threats.
1. Run a virtual security training.
Make it mandatory and explain the newest threats to your team and how to counter them with basics like VPN, using their Single Sign-On, and reporting any emails to your IT team that don’t look right. Why? Spam filters aren’t catching everything. In fact, spear phishing messages have an open rate 5-6x higher than actual marketing emails—70% of employees fall for them.
And that number is increasing with more people in social isolation and more receptive to communications from people they don’t know.
Your virtual training should also highlight SMiShing—these attacks via text can become more common with more people looking to connect and current events. Your team members should be on the lookout for suspicious text messages coming soon—targeting their personal information and account numbers with the pretense of receiving their COVID-19 federal relief stimulus check.
2. Test your workforce with a simulated phishing campaign.
The best way to see where you need to improve and push more education is to see what details employees provide that they shouldn’t. Send simulated messages to your workforce leveraging recent events to see how they react. These test runs immediately identify areas where additional training is required and any holes missing in your security policy.
After every training, use another simulation to gauge your team’s company’s progress so you can catch these vulnerabilities before they become active issues.
3. Implement your remote security strategy.
Cyberattacks and social engineering are powerful tools because too many employees aren’t on guard or aware of the importance of data security—even more than usual when they’re dealing with stressors outside of work. It’s absolutely critical to educate your team members on how you are securing them and the business and on the role they play.
Build or finetune your Cybersecurity policy for remote workers. Explain why you’re introducing the policy—the kinds of new emerging threats—and how they can keep the business secure while they work from home. Guide your teams through the high level details before sending the strategy out to all employees to review and sign.
When you create your policy, make sure you start it with a mission statement, (the why), and then distill it to the specifics on security policies across all devices—personal and company-owned.
After launching your security policy, keep reinforcing why compliance is critical and how you’re supporting compliance with tech, coaching and other resources with regular communications.
Need help with your security strategy?
Let’s talk.
Our security experts care. We’re here to quickly and safely guide you to a secure, remote environment. Don’t wait for the situation to escalate, demand is high, contact us now.