The pandemic has made home the new workplace for many of your colleagues. A familiar environment, but is it safe?
Most work is done via home internet service providers (ISPs), i.e. over unsecured routers. Neighbours can listen in on your phone calls and pick up sensitive information. Perhaps your life partner also uses the same work device for other business. In short, no place is as popular for cyber-attacks as the homes of your employees.
Hackers use well-known methods such as phishing e-mails almost daily. The fraudsters are keeping up with the times and shamelessly exploiting the pandemic. They direct your employees to websites that supposedly sell mouth-nose coverings, medical face masks and particle-filtering half masks (FFP), or lead the “victim” to websites offering the latest news (e.g. how to recover from the virus). Hackers even developed an app that posed as the “World Health Organisation (WHO)”. This app was confusingly similar to the original. It was deceitful and extracted information directly from the user’s mobile phone. Old-fashioned security measures – such as firewalls – have reached their limits in stopping cyberthreats of this kind.
But what can be done? We need to rethink the issues around cyber security so that employees can work safely from a distance.
Unfortunately, it is not possible to completely avoid cyber-attacks. However, not every threat is a big threat per se. It is important that your staff are made aware so that they can take timely action to prevent the most dangerous cyber-attacks. This makes the difference between a successful remote workforce and a vulnerable one. The company is advised to have a “home office policy” in place, because companies have a burden of proof. Companies need a clear procedure in case of data breaches and IT problems.
In order to prevent irreparable and possibly expensive data privacy breaches (under the GDPR (DSGVO) and/or the German Federal Data Protection Act (BDSG)), we recommend the following courses of action:
Work data remain work data
- Switch off laptops / work devices outside working hours
- Lock screen as soon as you leave the workplace (even if only for going to the toilet and back)
- Lock screen to protect it from unauthorised third parties (flatmates, family members, friends, etc.)
Do not slack on passwords
- It is recommended to use at least twelve characters (including special characters and numbers)
- It is recommended to change the password regularly (every 30 days)
- This is important so that the antivirus software updates itself regularly
- This process minimises the vulnerability of (mobile) devices
Beware of suspicious e-mails
- Do you know the sender?
- Does the message look like spam?
- Employees should delete and report phishing attempts immediately
The best offensive against cyber-attacks is a good defence strategy. This starts with conducting an IT analysis. This is how your company arms itself against data breaches:
- The necessary anti-virus software must be provided by the employer for all end devices, such as laptops
- All employees who work remotely must attend regular (every twelve months) training sessions on information and cyber security. Employees must be informed about current threats in a timely manner.
- Recommend multi-factor authentication to ensure that employees confirm their identity via their phones before accessing confidential files.
- Set up an encrypted VPN connection to ensure access to secure information
- Appoint a Data Privacy Officer / Information Security Officer to whom potential cyber-attacks can be reported.