Businesses must tackle at-home phishing crisis as remote work continues

Working from home

When it became clear to businesses that the COVID-19 pandemic was a significant threat to public health, most realized they had two options.

They could continue with business as usual until the local government shut them down – and put their staff at risk, or they could embrace the technology that makes remote work possible. It was an easy choice; most businesses already embrace some remote operations. No problem, right?

Not exactly. While it’s true that most jobs can be done remotely, as social distancing practices have continued, it’s become clear that home-based workers need access to improved security infrastructure. Without it, company data is at risk from phishing attacks and other cyberthreats increasingly targeting remote workers.

Streamlining The Process

If businesses want to minimize security breaches among remote workers, one of the most important things they can do is to streamline the process for staff. That means, when employees are working from home, companies should consider issuing work-only laptops. If that’s not possible, they can also consider asking staff to create a separate work profile on their personal computer. Segmenting data in this way goes a long way towards securing data. It can also serve as a reminder for staffers to use stricter security protocols – which should also be clearly outlined to ease compliance.

Know The Threats

One of the most common threats facing business data now that staff are working from home are phishing attacks, which typically consist of attempts to obtain sensitive information like sign-in credentials and credit card numbers, and they come in several different forms. Among the most common are email-based attacks, known as email spoofing, and website fabrication, in which attackers develop a page that mimics a trusted platform in order to gather information. Such attacks are up 37% on mobile platforms since the start of the pandemic, and without intervention, they’ll only increase further.

Offer The Right Tools

Dividing business and personal accounts can help minimize data threats for workers using personal devices, largely because users will visit a narrower range of sites and are less likely to suffer a foundational breach, such as a malware attack. Separating off accounts and files isn’t enough, though. CIOs also need to ensure that staff have access to the right security technology. That includes programs like Check Point’s phishing protection programs, which have the ability to detect potentially dangerous emails or fraudulent URLs. Coupled with proper training in identifying potential threats, such programs offer significant protection against cyberattacks.

It’s also worth considering implementing a VPN for use as part of the data segmentation process, but it’s important to be careful. That’s because if a device connected to the VPN is compromised, it can allow malicious traffic to access your central servers. In theory, VPNs provide valuable protection, especially when using an unsecured network, but they’re less useful for workers using their own private networks at home.

Finally, and more important than any software your company can implement, it’s important for CIOs and other leaders to be upfront about potential threats. Just because technology experts know that attacks are on the rise doesn’t mean the average employee has any idea. Share information about the top phishing threats with staff and explain how they can mitigate those risks. It can also help to appoint someone as the contact if anyone has concerns about an email’s authenticity – just knowing that there’s someone to ask can help staff take charge of potential threats.

Workers will likely continue to work remotely in the coming months and may cycle in and out of the office for much longer than that. With that in mind, businesses need to commit substantial resources to digital security because, while remote work is necessary, the increased risks are optional.