Covid-19. If you’re just waking up from an 18-month long nap; first off, welcome back. Secondly, you’re in for a real treat. March of 2020, we saw what most of the population would have assumed was impossible, the entire world shut down. Businesses came to a screeching halt with almost no warning, under the guise that it would only last two weeks. It soon became clear that we would be in this for the long haul and even as things started opening back up, certain restrictions were imposed to maintain social distancing. Some companies were able to roll with the punches and adjust as needed, others were not as prepared. One of the biggest adjustments for our nation's working culture was the “work from home” concept.
Like change typically does, it evoked a multitude of responses from the employees:
“I can’t work from home; I’ll be too distracted.”
“Finally, now I can get some work done without people bothering me at my desk.”
“This is great! Now my dog won’t have to be home alone all day!”
The businesses on the other hand had their own, challenges to face:
“How will I know if my employees are being productive?”
“How are we supposed to have our weekly meeting to prep for these deadlines?”
“Are my employees really putting in a full eight hours?”
Looking back now all those concerns were justified and fair. I think most of them sorted themselves out rather seamlessly after the initial shock wore off, but that brings a couple more questions to the forefront for businesses. Now that vaccines are rolling out and the world seems to be settling down businesses now have to ask themselves: “How do we operate going forward? Stay remote, bring everyone in, or create a hybrid schedule?” If you’re bringing everyone back in, this blog may not be for you (but be sure to check out this blog that is more suited for your situation.) But if you’re staying remote or creating a hybrid schedule, you’re likely asking yourself, “are my employees secure at home?” And if you’re not asking that, you really should be.
According to an OPEN VPN study of 250 IT leaders, 90% believe that remote workers are not secure. And 36% have experienced a security incident due to unsecured remote workers. It’s your classic “look to your left, look to your right, one of you will experience a security incident” scenario.
On the surface, this may sound like a scare tactic, but rest assured it’s not. Risk is something we all face on an individual level and even more so on an entrepreneurial level. If those stats seem alarming the obvious next step is to find ways to mitigate those risks. The most cost-effective and easiest plan of action to implement is Security Awareness Training.
It comes back to mitigating risks and not even allowing that risk to become a factor. 46% of employees admitted to transferring files between work and personal computers when working from home. It’s highly unlikely that those employees who admitted to the act did it in an intentionally malicious way, and it most likely didn’t even cross their minds that it poses a security threat. However, internal threats don’t have to be intentional to cause harm. Sometimes even the most well-meaning employee can do the wrong thing because they lacked the proper training.
Using weak or repeated passwords is something else that can become a problem among employees who aren’t knowledgeable in cybersecurity. Using a work computer at the local Starbucks using their public Wi-Fi, leaving the computer unattended, or even something as simple as having sensitive information on the screen in a public place; they all increase security risks for a company. Companies should take the time and use available resources to teach their employees even the most basic security measures. I agree, all of them seem like common sense, and that’s because they are. But it never hurts to give a friendly reminder about security that protects the company and the employee.
Now, on a more technical side, some steps can be taken, that, when paired with basic security awareness training, build a security plan you can have faith in. It starts with multi-factor authentication. Multi-factor authentication acts as an additional layer of security on top of remote accounts. For instance, when I log into my website manager page, I sign in with my username and password. I am then prompted to enter a six-digit number that is sent to my phone. It takes very little extra time to enter but it adds so much more security.
A VPN is another great way to step up your cybersecurity. A VPN enables you to connect to the internet in an encrypted fashion. Encryption adds security and privacy, which is especially important when using public Wi-Fi. That’s because identity thieves and other cybercriminals often target public Wi-Fi to steal the personal information you send and receive while on those types of networks. Even worse, cybercriminals can set up “public Wi-Fi.” For instance, when your employee is at the local Starbucks thinking they’re connecting to the Starbuck’s provided internet, they could potentially be logging on to a network constructed by a cybercriminal essentially handing him the key to all your company’s or customer’s sensitive information.
I’d like to reiterate the point that this information isn’t meant to scare you or your company. It’s meant to shed light on the risks that can come from your new work culture. It may seem overwhelming at first, but kudos to you and your company for not only adapting to a worldwide pandemic but also adapting to the new changes that arise every day and making sure your information stays safe and secure.