It’s impossible to deny the extent to which the internet is a part of our lives nowadays. Whether for business or social reasons, it has become increasingly normal for communication to occur online. Particularly since the outbreak of the Coronavirus, there has been an extremely accelerated global shift towards remote work. Alternative workplaces have become the new normal, with a combination of in-office and remote employees. Since January and February 2020, there has been a 10% increase in online traffic across 20 different industries. There have also been drastic increases in the use of services that help facilitate working from home, such as Zoom, Microsoft Teams, and Google Hangouts. There is no doubt that this global pandemic has pushed businesses into a digital age and to be even more reliant on the internet.
Although cybersecurity measures are being developed rapidly, cybercriminals adjust even quicker. They grow more and more proficient in breaching security measures and hacking into data. A study by the University of Maryland revealed that hackers attack approximately every 39 seconds, leading to an average of 2,244 times a day.
Even worse, Cost of Cybercrime’s study has shown an 11% increase in security breaches since 2018. Surprisingly enough, people-based attacks have increased the most. It seems that cyber criminals have identified employees as the weak link and are exploiting them as points of entry. Everyone is vulnerable, from high-profile individuals to the average social media user.
Factor in the increased risks resulting from the shift to remote work. There has been a 600% increase in malicious emails, according to a United Nations Chief. Online threats have spiked in general since the outbreak of the pandemic, ranging from phishing scams and data loss to corporate espionage. This is partly because remote employees tend to work on personal devices (phones, tablets, laptops, etc.) that lack sufficient protection. This provides the perfect opportunity for a cybercriminal to access your sensitive data and violate your privacy.
With this new normal, it can feel difficult to ensure employee’s online safety and the security of your company’s data. Obviously there are a few sure-fire ways to increase your privacy online, such as installing antivirus software, creating strong passwords and using a VPN. But besides the obvious, what steps can they take to protect their online data? Here are a few extra precautions your employees can take:
1. Reduce Employee’s Digital Footprints
With all the extra time your employees are spending online nowadays, particularly signing up for new services and creating new accounts, their digital footprint is surely growing. A digital footprint is the data trail created online with every action an individual takes, such as sending messages, visiting websites and providing information to different services. Although you can only control this to an extent, even small actions can reduce the likelihood of identity theft or security breaches. For example, advise your employees to delete old accounts that they no longer use. Even if these accounts are inactive, it’s a good idea to log in and permanently shut them down.
Another way they can reduce their digital footprints is to limit the personal information they provide when creating new accounts. This applies for both work-related services and social media platforms. As much as possible, they should omit details such as their date of birth, address, phone number, email address, etc. Unnecessary exposure provides cybercriminals with identifying information - details they can use to impersonate your employees or access their data.
In March of 2019, Facebook disclosed that it has not adequately secured the passwords of hundreds of millions users since 2012. Sure enough, that December, more than 300 million phone numbers, Facebook usernames and IDs were exposed online. There have been many similar incidents on various other platforms, which emphasizes the risk you take when you trust online services with your personal information.
2. Review App Permissions
It’s not surprising that we use our phones almost as much as we do our laptops - sometimes even more. And when your employees log into work accounts, or access the company database, through their phones, they are opening a pathway a cybercriminal could exploit to gain access to their data. They all probably know to secure their phones by downloading antivirus protection, using biometrics, and more. But what some people don’t realize is that viruses and fraudulent behavior often enter our phones in more subtle ways: through seemingly innocent applications.
It’s quite common for people to download apps without reviewing the requested permissions. There are apps that request access to your files, contacts, location, camera, microphone, and more, when these excessive permissions aren’t even needed for the app to function. Often these unnecessary permissions are used to gather information about you and access your data without your knowledge. Think about it: if you accidentally grant the wrong permissions, an app could have access to your messages (which could include transactions and passwords), your picture gallery, your downloaded files, your emails…
Needless to say, you should make your employees aware of these risks, and recommend that they review these permissions and only allow as much access to their phone and data as is needed. Let them know to be mindful of the apps they download, and be mindful of the risks associated with working from their phones.
3. HTTPS, Not HTTP
One of the most common ways cybercriminals can gain access to your employees information is by tricking them into clicking on a malicious link containing viruses or malware, which happens more often than you might believe. An easy trick to teach your employees is, if they are wary about the legitimacy of a URL, they should take the time to note whether it is preceded by HTTPS or HTTP. This is not a foolproof method for avoiding cybercriminals, but it certainly reduces the risk. While there is only a single letter difference, the difference in security is massive.
If it says HTTP, the site is not encrypted. If they divulge any personal or financial information on a HTTP site, a hacker can easily gain access to and capture any data they provided. However, if it says HTTPS, then the site is encrypted and secure. Even if a hacker manages to intercept any data, they wouldn’t be able to understand it. So, in short, your employees should know to never provide any sensitive information on HTTP sites. And if they have their doubts about a site, they can hover their cursor over the link and check whether it begins with HTTP or HTTPS.
Learning how to identify red flags on the internet can make a huge difference in online safety. Unfortunately, there is usually a lack of knowledge in the office regarding cyber threats. In one study, over 30% of employees did not know about phishing and malware. Offering employees basic cybersecurity awareness training is a great idea. In addition to teaching them to keep an eye out for HTTPS vs HTTP, teach your employees about identity theft, phishing, pharming and vishing, and other common cybercrimes. If they know how to spot key security threats, they will be able to avoid them and any potential consequences.
4. Secure Home Wi-Fi
Maybe your employees feel as if they can let your guard down when they’re working from home, safely connected to their home Wi-Fi network. But being negligent will put their data at risk and eliminate any privacy they might have while online. The first, and most important, thing they should do is enable network encryption. Unencrypted Wi-Fi networks are vulnerable as anyone using the same network can try to intercept the traffic. The hacker invades the Wi-Fi connection without your notice, then captures all the data you transmit over the network.
Often the encryption feature is turned off on wireless routers, so they should locate the encryption settings and turn it on. There are different types of encryption available. The best option is to choose ‘WPA2’ if available, as it implements the latest security protocols and is considered the most effective. It’s also a great idea for all employees to connect to a Virtual Private Network (VPN), even though they might be at home. A VPN will further secure their network and provide them with online privacy and anonymity, so their location and online actions are untraceable.
5. Use A Password Manager
Your employees should know by now not to use the same password for multiple accounts, particularly when it comes to work accounts. This would mean that if a hacker obtained the password to one account, they would have access to all their accounts, all correspondences between colleagues, and all the data stored in the company database. So, the safest thing to do is to create complex passwords for each account that are not connected in any way.
The issue is that nowadays each individual has dozens of accounts: social media, multiple emails accounts, work, entertainment… the list goes on. It’s difficult to remember so many passwords, which is why people often resort to using the same one. The simple solution is to provide your employees with a password manager, which will save them a lot of trouble as it will manage all their passwords and even help them generate new ones if needed. All they have to do is remember one master password, and their data is instantly much more secure. Some popular password managers include LastPass, Dashlane, and 1Password.
6. Two Factor Authentication
Even if your employees generate passwords that are strong and complex, and even with a password manager, there is still the chance that a hacker will obtain your login credentials regardless. That is when they can safely fall back on two factor authentication. Two factor authentication means that after you enter your login credentials, an access code will be sent to one of your other devices, typically your phone. Once you enter this access code, you can enter the account. This is great because even if a hacker knows your password, they most likely won’t have access to your other device, so they will be locked out of the account.
Some of the more popular two factor authentication applications, available on both iOS and Android, are Google Authenticator, Microsoft Authenticator and Duo Mobile. You should strongly recommend that all your employees utilize two factor authentication for their important accounts, particularly accounts linked to the corporate network, through which they can access sensitive data that would put the company at risk if lost (i.e. private business correspondences).
7. Email Encryption
The importance and usefulness of encryption has been established by now. In addition to encrypting their home Wi-Fi network, it is crucial that employees encrypt their emails. This essentially means the content of all email messages is disguised - it is transformed from readable text into scrambled cipher text. Only the recipient of the email can decrypt the message. So, even if a hacker intercepts the email, they cannot understand what is being said.
There are two ways to go about this. Employees can switch to an encrypted email service, specifically designed for data privacy and online anonymity. However, if employees wish to continue using their current email service, such as Gmail or Outlook, they can activate email encryption in the settings. The setup for each service differs, but going through the process is well worth the added security the encryption will provide. Keep in mind that for certain services, such as Gmail, both the sender and the recipient must have enabled the encryption for it to work.
It’s A Collective Effort
There has been an increasing concern worldwide about the security of our online data, and rightly so. The consequences of data loss and breaches of privacy can be devastating, both to individuals and businesses. In one study, 82% of Americans surveyed expressed worry about online security. If you feel similarly, you have the ability to take action. Listed above are just a few tips and tricks you can share with your employees to ensure a higher level of privacy when they are working remotely, and to maintain the security of company correspondences and files. Creating easy-to-follow policies around these precautionary measures - for example, the use of two factor authentication, the encryption of both emails and home Wi-Fi networks, and mandatory cybersecurity awareness training - is a great way to guarantee your employees will maintain a high level of privacy as they navigate the web.
It is also important to remember that this is a collective effort. When someone communicates with their friends, family and colleagues online, they are trusting others with their privacy. It is important that you, your employees and the company as a whole takes action, and makes an effort to safeguard their online data, for maximum efficiency and privacy.