Phishing attacks are on the rise. Companies are struggling to create work-from-home best practices as they are forced into remote work. And experts think that the lack of preparedness will result in unprecedented numbers of corporate breaches.
So what can you do to make sure your work data isn’t stolen or leaked? Here are some tips from cybersecurity experts:
Set up a VPN
A VPN, or virtual private network, allows a user to send and receive data on a public server as if it were secured like a private server.
“Make sure any communications are using a VPN client, and make sure that own home devices are protected and secured,” said Heather Federman, vice president of privacy and policy at cybersecurity company BigID.
Stop using that same, terrible password
Make sure your passwords aren’t “password123” or some equally insecure equivalent. A bad password makes you especially vulnerable as hackers are targeting home networks.
“Make sure you have high-security protections on home Wi-Fi networks, mobile devices, and desktops,” said Alan Snyder, CEO of NowSecure. “Change your default user IDs and passwords, use long strong passwords, use password management systems to manage these long passwords, and make sure strong security is turned on in your browser.”
Don’t fall for the phish
Don’t open weird emails or click on links in those emails, even if they look like they’ve come from a trusted source.
“During times like this, attackers know that this [the pandemic] is something that’s interesting to everyone,” said James Carder, chief security officer of LogRhythm. “People are searching for ‘COVID,’ ‘pandemic,’ ‘coronavirus.’” Attackers will buy up tons of domain names and masquerade as the Centers for Disease Control and Prevention or the World Health Organization or a state or local government, Carder said. “Just be cognizant of what you’re clicking on and where it’s taking you,” he told Digital Trends.
Talk to your IT team
Be in communication with whoever is responsible for your corporate software infrastructure.
“Talk to whoever’s responsibility it is to find out what should you be doing, what are the best practices,” said Eric Bednash, CEO of Racktop Systems. “It’s their job to know these things, even if [they are] not security experts. IT professionals are generally savvy enough to know what you should and shouldn’t do, and then it’s all about trying to adhere to those policies that they provide.”
Bednash emphasized diligence. “We’re in a situation now where everything moving fast,” he said. Don’t be tempted to be lax with security just because it’ll make things easier. “You’ll think, ‘Oh, it’ll be OK, it’s just this one thing,’ and then next thing you know, that was some intellectual property, or customer info, and a breach as happened.”
For a business owner, have a business continuity plan and a business recovery plan that you have practiced. “If you’re running a company, you have to understand workflows,” said Carder. “Security has to be in the front seat with you as you think about productivity and availability of resources.”
Major security sites like ForgeRock, NowSecure, and Cisco all have their own recommendations for apps and best practices for businesses and employees to check out at their websites.