With an increase in online transactions and communications comes a greater likelihood of account takeover and other forms of online fraud. For example; bad actors are already taking advantage of the common problem of password reuse to access sensitive systems on a daily basis. It’s a sad but true reality of our times that this will increase with more virtual interactions, and that attackers will also be actively seeking other ways to capitalize on COVID-19.
- Address Employee Password Security. The proliferation of breach data on the Dark Web makes it incredibly easy for attackers to access sensitive data if employees are unknowingly using compromised credentials and reusing these passwords across multiple sites and applications. This is already a huge security problem and one that’s likely to grow with the uptick in remote working as people will be creating new accounts and online credentials. As such, now is the time to ensure your organization has password screening solutions in place that can alert you—and your employees—to the use of compromised credentials and monitor their passwords on a daily basis. You don’t want to wait until your entire workforce is distributed to discover that your employees are inadvertently laying out the welcome mat for attacker
- Secure the Home. It’s not uncommon for people to practice different security hygiene in the office and at home. Connected devices like smart TVs or baby monitors can introduce a range of vulnerabilities, for example, or children can accidentally download malware on the home network. Encourage your employees to set up a separate Wifi account that they will use solely for business while working from home—not just during the COVID-19 outbreak, but at any point in the future. This is a critical security step but it’s not enough to truly protect sensitive data when employees are working remotely. It’s also imperative that they use their VPN to access any corporate resources whenever they are not physically in the office.
- Encourage Phishing Vigilance. One way I anticipate attackers capitalizing on coronavirus is by feeding into employees’ fear and confusion surrounding the virus and their company’s response. The global pandemic means we’re all in crisis mode, and more likely to click on emails with subjects like “How are you feeling?”, “[Company name] Confirms COVID-19 Diagnosis”, and other headlines that would raise a red flag in less heightened times. Given this, it’s important for SMBs to educate employees on phishing threats and ensure everyone is aware of how to spot them. It may also be helpful to distribute guidance on how your company will communicate about the evolving coronavirus situation so that employees are less likely to be tricked by a fear-mongering subject line.
- Beware of the Workaround. As many SMB employees face the prospect of indefinite remote working, they may be tempted to take copies of confidential data, email them to personal accounts, copy the information to a USB or a similar workaround. It’s important that leadership monitor for these activities wherever possible, and also reiterate the security threat this behavior poses when speaking with employees about COVID-19 contingency plans.
With both the coronavirus pandemic and the national response to the threat evolving on a near real-time basis, it’s impossible to predict the severity or duration of its impact on SMBs. However, it’s safe to say that we can all expect life to be increasingly virtual, at least for the foreseeable future. With attackers eager to profit from this situation, businesses that fail to consider the above and other security considerations in their COVID-19 planning are just as exposed as consumers who neglect basic hygiene best practices.
Michael Greene is the CEO of Enzoic.
Feel like you’re on house arrest? Here’s how to stay sane and productive while you’re home.
Find your workplace: One of the main things about being remote people quickly notice—you have to force yourself to separate work life and home life.
If you have a spare room, make that your office. Do not work from the couch! Schedule your working day with clear start/stop hours and try to commit to them.
Make sure you take breaks. Stretch your legs, go outside for a little bit (maintain your social distance) and see the sun. Many experts recommend you take at least a five-minute break every hour.
Don’t forget this part. Whether it’s with your team, your family or friends, you need to have some social interaction. Some companies [hold] social zoom calls for 5-15 minutes that are not about work. This is a big part of what’s missing when working from home, and it’s an important part of being in the office so don’t forget it.
Getting context is key
Knowing what’s going on is especially hard if you’re working remotely. You will need to take n the responsibility of identifying the water-cooler context and pulling it down into written form. You’ll find t it’s equally effective at identifying and bridging silos of communication as it is connecting remote employees with office culture.
There will most likely be fewer meetings (a good thing!) if you’re working remotely, but there will still be some. Someone should take notes and share them with the team.
Your scheduled meetings will most likely proceed as usual. Be sure to prepare about five minutes before you start, check your setup, microphone, webcam, and internet connection so the meeting will start on time.
It’s important to be very responsive during work hours. Even saying “I’ll get back to you in 15 minutes” is more helpful than not replying for a few hours.