DATA & PHYSICAL SECURITY
Do you use a Virtual Private Network (VPN)? If not, now is the time to implement one. A VPN creates a secure network connection while using a public network, including an employee’s home connection. Hopefully, you already have this important security tool in place. If not, you’ll need to educate employees about why using the VPN is critical to your business.
Assuming you already use a VPN, remind everyone to use it, even when doing non-company work. This is especially true for those using their personal electronic devices to work from home. Without a full understanding of how a VPN works, a remote employee might mistakenly think that it shouldn’t be used when hopping off company work to, say, check on a delivery status. That, of course, is not true. The VPN should always be used. To be effective, a VPN has to be used by everyone all the time.
Additional security reminders include:
- Never share login or passwords with anyone.
- Always save to the network, if using a personal device. Saving locally to the desktop creates a security risk.
- Always lock the computer when not in use. Make sure that when feasible, the screen is not visible to household members walking by.
- Physical records need to be secured.
SOCIAL ENGINEERING
Cybercriminals are adept at getting even the most security-aware individuals to divulge confidential personal and financial information, or in the case of employees, company information. Social engineering is the general term for this and reminding your employees about how it works is always a good idea, and even more so now.
Crooks are working two angles to try to get the information they seek. One avenue they pursue is preying on the natural fear and confusion swirling around the pandemic. A phone call asking for a charity donation should be met with a healthy dose of skepticism. Don’t just say yes. Vet the company before donating. An email with a similar donation request could have an attachment that “explains the good work the charity does” but in reality, it is really a vehicle to deliver malware to their victim’s computer. So, the takeaway? Don’t click on attachment or links.
The second angle plays off the knowledge that with so many working from home, there’s a perceived relaxing of traditional work-home boundaries. Getting a phone call from your company on your personal cell might not seem as odd now as under normal circumstances.
Because of the spoofing technology that’s available, you have no way of knowing simply by looking at the number if you’re talking with someone from your organization or a criminal trying to get you to provide company information.
The simple message to share with those working from home: Don’t provide any information in the initial contact, whether it’s an email, phone call, or text. Instead, exit the interaction and contact your company to verify they reached out to you.
Sharing the above tips with your employees will go a long way to ensuring confidential data about your company and your customers remain protected and secured, whether they’re working from home or when they’re back again in an office environment. For many, that’s a day that can’t come soon enough.
Need professional assistance beefing up your network security? Contact the experts at Higher Information Group.
