For the past few months, stay-at-home orders have extended nation-wide. As a result, companies from Amazon and Google to small local retail stores have embraced working from home. To some, it sounded like an easy solution to work from home in order to stay safe, but many companies had to scramble to prepare their employees for remote work. They faced a major challenge: security.
“Yes, many organizations plan for crises- maybe even a pandemic- but I’d guess there isn’t a single one that envisioned an event that could unfold so quickly and completely shut down offices, forcing employees to work from home instantaneously”- Forbes
Many companies raced to create secure networks such as VPNs or password-protected files and applications that worked outside of the office space. Of course, this transition to remote work was easier for companies that already enabled employees to work from home, but they had to focus on securing their networks for a higher volume of workers.
The greatest threat to company security is phishing. Phishing is the process in which scammers or hackers will send emails pretending to be a reputable source with important information. During COVID-19, many emails have come through in which hackers pose as health organizations with important information. The good news is employees can easily avoid being victims of phishing if they pay attention to email addresses, URL links, and do not reply to emails with personal or confidential information.
Not all phishing emails have bad grammar or simple language. Many are written professionally and sound legitimate, so everyone should be aware.
Next, employers should only be allowed to access company servers or websites through safe networks. Public and shared networks should be avoided as much as possible. Examples of shared networks would be a library, coffee shop, or other public locations. Hackers have the ability to get into a shared network more easily than a private one. As restrictions are loosening, but workers continue to telework, it is likely possible that people will begin to go out to public places for a change of scenery, so employees should be made aware of this possible threat.
Creating a blame-free culture is important. Of course, it is possible for an employee to fall into a phishing trap or use an unsecured network, so they should know who to contact if there is a security issue. Assure employees that speaking up right away will not get them into trouble, but rather help fix an issue possibly before it happens. It is important to educate employees on possible cyber scams, and don’t underestimate how much they do or do not know. The more information shared, the lesser the risk.
So now that we have been working from home for months, what is next?
The cybersecurity experts that were once behind the scenes are now pushed to be leaders and be front and center for their companies. This has proven how important their roles are but also placed new responsibilities on people that may not have the proper leadership skills. So, management will need to spend time nurturing and educating these new leaders, while continuing to support employees that are at home.
Spending more time on securing networks, fixing or recreating emergency response plans and communicating with employees new protocols and methods is extremely necessary. Much like the beginning of COVID-19, there are many unknowns to what our next normal will be. However, with the right leadership and the cooperation of all employees, companies will adapt and thrive in the post-pandemic world.