Across the state of Indiana, many businesses have made the adjustment to remote work in response to the COVID-19 pandemic.  But as most of the workforce continues to operate remotely and businesses build out teleworking capabilities to support, an unintentional outcome has occurred – cyberattacks are on the rise. Now, cybercriminals are attacking at a bigger scale and exploiting vulnerabilities amid the current environment that is prime for bad actors.

Here are a few reasons why. As more employees across the state work from home and their children learn from home, they spend more time online on their home networks and are therefore more susceptible to cyber threats. It has also never been easier to purchase malicious software on the internet and attack.  Adding to this, IT teams lack significant visibility into employee activities and network threats.

All these factors mean every organization, regardless of size or industry, is at greater risk. In fact, recently a local school district fell victim to a “Distributed Denial of Service” attack, or DDoS, compromising internet connectivity for teachers, students in classrooms and students attending virtually for two days. With these types of attacks on the rise, and virtual working becoming the norm, safety measures for businesses have never been more important.

To prevent malicious attacks or lasting damage, businesses must take specific measures, combined with the right cybersecurity technology solutions, to keep their business secure. Here are a few best practices businesses should follow:

Consider the worst-case scenario

Understanding the threat landscape and cybercriminals’ goals is important when developing a comprehensive cybersecurity strategy. But it’s just as important to ask yourself what you aren’t thinking of or where there could be security gaps in your current system, especially as cybercriminals continually evolve their approach. Here are a few essential components of a comprehensive cybersecurity strategy:

  • Advanced tools. Businesses require a multi-layered approach to cybersecurity because cyberattacks have become increasingly sophisticated and diverse. First, assess your network’s strengths and weaknesses, then implement the right combination of tools that work best for your needs, such as an antivirus program, multifactor authentication for employees or network security to proactively protect devices that connect to your network.
  • Expertise. Having experts in your corner will help to ensure that your tools cover the full scope of the potential threats to your business. Small to medium sized businesses should consider investing in a managed security services provider (MSSP), but even businesses with in-house cybersecurity teams can benefit from collaborating with an outside provider.
  • Secured personal devices. Mobile devices and cloud-based platforms are now essential tools for the remote work environment. Because these are used and accessed outside of the protection of your business network, be sure to include these platforms in your security strategies or you run the risk of leaving an opening to cyber attackers.
  • Continuous network stress tests. You shouldn’t wait for an actual attack to learn whether your cybersecurity system is in place. Consider creating fake phishing schemes to test your employees or running cyberattack scenarios with your IT team to ensure you’re prepared.

Provide education and resources to employees

Even with state-of-the-art cybersecurity software to protect data, tools are only effective when employees are educated and able to complement them. During this time of remote work, ongoing employee education on the signs and dangers of cyber threats is more critical than ever. Employers should consider a mixed approach of online courses, awareness campaigns and email reminders on how to:

  • Identify and avoid suspicious emails. This will help employees avoid phishing attempts with URLs or attachments programmed to download malware into a network.
  • Enforce strong password policies. Teach employees to come up with strong passwords or passphrases, enforce policies to change passwords frequently and prohibit password sharing.
  • Set browsers to warn users when visiting a site that has been flagged as containing malware.
  • Block downloads from suspicious or unsanctioned sources.
  • Prohibit users from sharing company-owned laptops and mobile devices.
  • Teach users not to access sensitive company data through public WiFi networks.

Implement company-wide “common sense” policies

“Common sense” cybersecurity policies help take employee education a step further. These are designed to reinforce the training that your employees have already been given and help them avoid relapses into bad habits that could lead to breaches.

These policies should be multidimensional and can vary from business to business. Password update policies are a good place to begin, but it’s also important to think about who gets access to what systems and which devices can be used to access systems. If your business works with contractors, consider how you will authenticate their network access and protect their devices. And, if you allow them to use personal devices for work, ensure you monitor, protect, encrypt and wipe these devices when necessary.

As employees continue to adapt to working remotely, the unfortunate reality is that businesses are still not immune to cyberattacks. However, with a combination of the right technology solutions and the implementation of cybersecurity best practices, businesses can better protect employees, assets, and customers from cybercriminals who are taking advantage of the pandemic.