3 Cyber-Security Best Practices for This Year – Whether You’re Working Remotely or in the Office
As remote work continues to gain popularity because of its convenience for employees, reduced overhead costs for businesses, and advancing technology that makes communicating and collaborating remotely easier than ever, cyber criminals are continuously evolving their methods to take advantage of unsuspecting remote workers and businesses.
This year, it will be essential for businesses to understand where they are most vulnerable and ensure they have the proper IT security measures in place to minimize the risk of a cyber-attack. For employees working remotely and potentially handling sensitive and confidential information, we recommend following these practical steps that can keep your organization’s information safe.
The importance of cyber-security employee education and training
In the Keeper Security and Ponemon Institute 2020 “Cybersecurity in the Remote Work Era: A Global Risk Report”, only 43% of respondents say their organizations currently inform and educate remote workers about the risks of remote working.
An IT team can set up all necessary protocols, install the latest and most cutting-edge software, and employ the latest anti-malware applications, but information security policies and procedures will not be executed properly within an organization without investing in employee training and education regarding information security.
For the typical mid-size organization that operates with in-office and remote employees, or perhaps a hybrid of the two, it’s equally important for employees to understand what the security policies are and why they exist. How can employees secure proprietary data and digital information using the tools and resources they have been given?
Many data breach studies show that employee error is the leading cause of data loss or a cyber-attack. Sometimes even well-meaning, computer-savvy employees fall victim to a sophisticated phishing scam, click a bad link in an email, or even forget to shred secure information. Even though these errors are accidental, they still have severe consequences like loss of client trust, damaged professional reputation, stolen information, and potential fines or legal action.
Develop a well-defined information security policy and make sure employees understand their role in cyber-security by hosting a training seminar to review any changes or new information once a year.
Beware of the low-hanging fruit for cyber criminals – Ransomware
According to a recent Trend Micro report, a staggering 84% of US organizations experienced either a phishing or ransomware attack in the last year. And criminals aren’t stopping any time soon in 2022. There’s a new business model emerging in the cyber-attack world, and it’s called Ransomware-as-a-Service (RaaS). While this may sound like someone is playing a cruel prank using a play on words similar to SaaS, this new trend is unfortunately gaining popularity among cyber criminals.
The goal of Ransomware-as-a-Service is for ransomware creators to lease out their malware concepts to others for a monthly price or percentage of profits. The buyers purchase the malware from someone else and deploy it themselves. The criminals will even hire “negotiators” to extort or pressure victims to pay. With the chain of criminality branching out and developing a similar look to the corporate structure of any other business, it’s difficult for authorities to catch these criminals or pinpoint the origin of the ransomware.
While we hope nothing like this ever affects your business, it’s important to be prepared and to have measures in place as part of your risk management strategy. We recommend implementing a robust backup strategy for all company data. The more frequently you back up your data, the less you’re at risk of losing it.
One extremely effective and secure method of data backup is to store data backup tapes with an offsite data vault storage provider. Data vaulting is the safest way to ensure your confidential information is safe from hackers – even more secure than cloud storage.
Continue to update your Information Security Policy annually
We understand that the technological world, the internet, cyber-attacks, and remote work styles are constantly evolving – and that every company is doing the best they can to protect confidential information in all aspects. It can feel overwhelming at times trying to decipher tech-speak and stay updated on the latest vulnerabilities.
- Test employees quarterly with a simulated phishing attack. It’s been proven that exercises like this can help employees develop an awareness of phishing scams and learn to recognize the characteristics of these attacks.
- Change default passwords. This is one of the simplest, yet one of the most overlooked, pieces of a security policy.
- Secure your cloud. This is an important one! Be careful about overly generous administrative privileges in your cloud accounts. Ensure access is limited to a few essential employees. Many automated cloud workflow solutions allow you to set permission limits and designate password requirements to minimize the risk of unauthorized access.