Hackers don’t sell a product or a service, they sell information. And information is more valuable than ever. Additionally, they’ve always worked from home! The coronavirus is a dream come true for hackers. In fact, they’ve created ingenious new campaigns to prey on people who are investing less time in cybersecurity to make room for public health best practices and revenue-generating activities.
Even here in Kansas City, where infections are relatively low, employees are scrambling to start working from home. Business owners are working 100-hour weeks to keep their revenue in the black. Who can blame them for not scrutinizing every email or updating their passwords?
We understand that cybersecurity might not currently be your top priority and now probably isn’t the best time to hire us to help with that. So as an alternative, we're providing something else: Do-it-yourself cybersecurity tips for people who are working from home.
Tip #1: Zero tolerance for financial transactions via email
This tip extends far beyond business-related emails. Your employees are working from home (or will be soon) and hopping between personal and professional tasks on the same device. They need to realize that every email pertaining to a financial transaction is a ticking time bomb.
In fact, one of the most popular cyberattacks in March 2020 involved emails asking recipients to click on a malicious link to claim their $1,200 payout from the government’s Coronavirus Stimulus Package. If you have proper data encryption in place, an employee blunder shouldn’t affect company files.
More advanced campaigns send emails to employees that appear to be their bosses asking for a money transfer. Something like, “I just got us an awesome deal on advertising space. Wire me $5,000 ASAP so we can start bringing in new leads.”
How many people on your team would say no to a panicked boss who thinks they’ve found a way to pull out of a revenue nosedive?
Usually, we’d tell you to educate them on how to spot a fake request, but we realize you don’t have time for that right now. It’s easier and faster to send a company-wide email that says: “If anyone asks you to provide financial information in an email, delete it and call that person on the phone.” Simple as that.
Tip #2: Zero tolerance for unscanned email attachments
Are you noticing a theme here? More than 94% of malware is delivered via email and there’s no reason to muddy the waters with explanations of what is and isn’t a risky-looking email. Although cybersecurity training is essential, it can wait until the COVID-19 crisis settles down.
Tell your employees to forward every email with an attachment to email@example.com and change the subject line to “SCAN.” Virustotal will scan the forwarded attachment using more than 70 up-to-date antivirus scanners and send back a report that looks like this:
It’s the quickest, easiest, and most thorough way to verify an attachment’s safety if your office doesn’t already have an email security solution. Virustotal.com also has a URL checker for verifying that a link in an email doesn’t redirect recipients to a malicious website.
Tip #3: Install a VPN
Admittedly, this tip will be our most expensive and complicated tip to implement. You’ll have to pay anywhere from $2 to $5 per employee for an app that you’ll need each of them to install and log in to from home.
If that’s too much to ask, you can scope it down to only include employees who access sensitive company data (Further reading: learn how to reduce threats with the zero-trust security approach).
The app we’re referring to is a virtual private network (VPN), which would ideally be used at all times, but especially when someone is working from home. That’s because accessing the internet via most home networks is about as safe as live-streaming your computer screen on Facebook.
When you type “www.mybank.com” into your web browser and then your account’s username and password, that information is usually sent in plain text across the network. Anyone connected to the same network can see it if they know where to look.
This is especially problematic for Wi-Fi networks in apartment complexes where one tenant is within range of as many as six of their neighbor’s networks.
But when your employees are connected to a VPN, all that’s transmitted across the network is essentially limited to “John is connected to Acme VPN.” He could be watching Netflix, updating company HR records, or torrenting Frozen 2, snoopers would never know unless they could penetrate the VPN’s protective digital shell.
Thebestvpn has the most succinct and newbie-friendly list of VPN services in 2020. Pick one and get started today. Trust us, it’ll be worth it.
Reactive and proactive IT support in Kansas City
Sometimes you need to be able to pick up the phone and tell your IT staff, “My computer’s busted and I need it fixed ASAP.” Umbrella Managed Systems offer that peace of mind and a little bit more.
While our ReOps (reactive operations) technicians are standing by to help with unexpected tech issues, our ProOps (proactive operations) team is staying focused on the long-term health of your IT. Both of those components are critical during crises like COVID-19. Download our free eBook to learn more about how we can keep your revenue safe during tough times.