Many companies have emerged from the pandemic with plans to maintain a hybrid work model going forward. This model allows companies to enjoy the communication, brainstorming, and hands-on management benefits of in-person collaboration while still being able to offer employees the perk of working from home a couple times a week, which cuts their commuting costs and improves work/life balance. But while the hybrid model may be the best of both worlds, companies must take steps to ensure that their flexible work environment does not make them more vulnerable to cyberattacks.
Uptick in Cyberattacks
The almost-overnight shift to remote work in response to the pandemic in March 2020 gave rise to a significant increase in cyberattacks for the year, as bad actors took advantage of vulnerabilities created from people working from home and generally spending more time online. Cyberattacks continued to grow in 2021, with hackers exploiting the increased “attack surfaces” resulting from workplaces being expanded outside of the physical office space. The FBI’s Internet Crime Complaint Center reported a 7% increase in reported complaints over 2020, with potential losses exceeding $6.9 billion.
Employers can mitigate the increased risks of a hybrid work model by adopting and adhering to a strict security policy.
Use Strong Passwords and Multi-factor Authentication
As cybercriminals get more sophisticated, it’s more important than ever for companies to review and make necessary updates to their password policies. Passwords must be unique, strong and complex, consisting of both capital and lowercase letters along with numbers and symbols. Update passwords often – at least every 180 days – and ensure that all employees receive automatic prompts to change their password. But strong passwords are not enough. Companies should also use multi-factor authentication (MFA), which requires the user to enter a code or another form of authentication in addition to a password. This way, if a password is leaked, the second factor will prevent access to your firm’s sensitive data. MFA should be enforced for all users without exceptions. For more information on passwords and MFA, click here.
Keep Devices up to Date
With employees working at home, it is more likely that their company computers will be shared with other family members who may download a virus that can wind up compromising your system. Companies that issue laptops or other devices to employees to use at home should have a policy that prohibits their use for personal purposes. In addition, the company should ensure that any device that is used for work is configured correctly with anti-virus software, firewalls, and encryption tools and the latest updates from manufacturers. The network should also be monitored regularly for unusual activity. Companies can enhance security by working with a reputable Desktop as a Service (DaaS) provider, which will ensure all applications and security features, provide monitoring services, and more.
Limit Access Based on Job Responsibilities
Not every employee in your company needs access to every system. Limiting access to sensitive systems and files that certain employees do not need to perform their jobs reduces attack surface and is part of cybersecurity best practices.
Educate Employees
Cybersecurity requires a team effort between companies, their technology provider, and every employee. With the increased risks associated with a hybrid work environment, companies should impress upon employees that they share responsibility for keeping the company’s systems and data secure. Employee training is not a “one-and-done” endeavor; every worker needs to be educated on an on-going basis about the latest threats, trends, and schemes. Employees also need regular reminding about the basics, such as the dangers of clicking on a link or downloading an attachment from an unknown source. They should be reminded to check for deceptive URLs or email addresses that are similar to familiar names and to only visit secure websites, whose URL begins with https rather than http (the “S” stands for secure). All it takes is one weak link to break the security chain and wreak havoc on your entire company.
Tabush Group is a leading provider of DaaS and Managed IT services for small to midsize professional organizations. For more information about how Tabush Group can support your business needs in a flexible work environment, click here.