The bad guys will undoubtedly try to take advantage of remote workers. Management, IT, and employees all have key roles to play in keeping the company’s systems safe. Aside from making sure that the IT department is staffed appropriately with sufficient resources, management should review the company’s cyber-security policies to ensure that they cover the following (at a minimum): (1) forensic expenses, (2) legal expenses, (3) notification expenses, (4) regulatory fines and penalties, (5) credit monitoring and ID theft remediation, (6) public relations expenses, and (7) liability and defense costs. Policies should also cover attacks or intrusions originating from inside and outside the organization, phishing, and ransomware attacks (which are sometimes excluded). The amounts of coverage required depends upon the type of information your business maintains. For the most sensitive type of information, the costs associated with a data breach can approach $1,000 per individual record accessed.
The IT department should ensure that all systems are properly maintained and up-to-date, that users are equipped with modern protective measures, such as two-factor authentication, and that users are trained in best practices for avoiding attacks, especially social engineering and phishing attacks. This may also require some basic instruction about securing home networks.
Finally, all employees—but especially those working remotely—should (1) watch for suspicious emails and not click on links or attachments from unknown senders, (2) learn how to enable modern security features such as two-factor authentication, and (3) verifying that phone calls, texts, and other types of messages are legitimate. Since spammers are attempting to find legitimate numbers, let calls from unrecognized numbers go to voicemail; if it’s important, a legitimate caller will leave a message, and the employee can then verify the call independently. Particularly when it comes to financial transactions such as wire transfers, double-checking is always a good practice. For more information, contact Brian Jones.