Be cyber-secure: Best digital practices for businesses
Ideas to help you protect yourself and your business in the current environment
LAST YEAR, THE CORONAVIRUS CHANGED the way people work and communicate across the globe. While businesses of all types adjusted to rapidly shifting circumstances—and millions of employees rose to the challenge by working from home—cyber criminals are attempting to capitalize on this situation by compromising information and stealing assets through scams.
“Misinformation and uncertainty opened the door for an increase in criminal activity over the past year,” says Craig Froelich, Chief Information Security Officer for Bank of America. “As many people continue to work remotely, it’s important to encourage cyber best practices. Educate your employees to keep their home network and account passwords strong. These two basic steps will improve their cyber security, and help keep work devices safe.”
With many of us working from home, and businesses working to adapt to the new circumstances, it helps to remember the key ways in which cyber criminals try to take advantage of companies large and small.
Phishing messages are emails that appear to originate from known or credible sources, but are in fact from cyber criminals trying to exploit disrupted work environments and gain access to business data. Embedded links also may install malware onto a device.
Vishing attempts — voice combined with phishing — come via your phone. Robocalls are a method used to scam people and businesses out of data and money. Criminals will create a sense of urgency to incite quick responses from their targets.
Employees forced to work remotely may install apps to stay current on news or to streamline work processes. They should make sure to download apps from reliable sources and make sure they do not violate company guidelines if they’re installed on work devices.
As workers and private citizens seek current information, cyber criminals also are spoofing websites that provide updated information about the coronavirus, hoping that visitors will click on embedded links.
“As many people continue to work remotely, it’s important to encourage cyber best practices. Educate your employees to keep their home network and account passwords strong.”
—Craig Froelich, Chief Information Security Officer, Bank of America
Recent cyber crime attempts include:
- A downloadable app for tracking coronavirus cases, which resembles maps created by legitimate public health institutions but contains malware that can infect or freeze devices.
- Phishing scams in which fraudulent emails that appear to come from the World Health Organization, the Centers for Disease Control and Prevention or charitable organizations request personal information or urge recipients to click on malware-infected links.
- Robocalls offering assistance with government stimulus payments, in which personal information is requested.
- Stealing your identity using information available on your vaccine card. The trend of sharing photos of your card on various social media platforms to raise awareness for vaccinations also enables criminals to gain access to your personal information.
Despite these concerns, there are many defenses you can combine with best practices to protect your company’s data and finances.
How to proactively protect your business or employer:
When working from home, only use wireless networks that are secured and require a password. Avoid using public Wi-Fi networks, and never conduct any financial or confidential work over a public Wi-Fi connection. Utilize company VPNs whenever possible.
Conduct all business matters on company-approved devices, especially when working remotely.
Never trust unknown individuals. Verify any communication that claims to be “urgent,” and do not send any information to recipients you cannot confirm as legitimate.
Do not discuss confidential information around your family, and do not allow other family members to use your work devices for recreational use when working remotely. As much as is practically possible, conduct your work in a private space.
Ensure communication validation steps are followed when working remotely to ensure company information and data stay secure.
Don’t delay. Acting quickly after an incident can minimize damage to your business.
Follow your company’s protocols if you think your company device has been compromised.
Document everything about the incident. The more information you have, the better armed you’ll be to assist an investigation by your company and law enforcement officials, and the better prepared you’ll be against future incidents.
Change all passwords that may have been breached.
Contact your bank’s relationship manager to freeze transactions as soon as you can.
Disconnect your device from your company’s network if you suspect you have been the target of malware.