As businesses adopt work-from-home policies in response to the challenges brought on by COVID-19, company cybersecurity should not be compromised.

Due to the lack of security protocols that exist in a corporate environment, cybercriminals are able to take advantage of the lax security in employee’s home networks. Criminals know that companies may not have yet deployed measures that ensure corporate-owned devices are secure, whether they are connected to an enterprise network or a home WiFi network.

During these extraordinary times, business leaders must work with their security teams to identify risk areas exacerbated by more employees working from home. They are responsible for ensuring that all critical business applications are protected and that all corporate-owned and managed devices are equipped with security capabilities in a remote environment.

Potential Cybersecurity Threats

According to ImageQuest, a Nashville-based cybersecurity services provider, employees working from home should use their company’s corporate Virtual Private Network (VPN) to connect to the office. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that some free and personal-use VPN services store unencrypted login credentials, which provides a unique opportunity for theft. Hackers could use these log-in credentials to steal confidential and valuable information.

Moreover, CISA expressed concern that the volume of people using VPN services could result in limited bandwidths and server unreliability. Additionally, a remote worker hurrying to meet a deadline might bypass a VPN and simply login without performing the necessary security checks.

Cybercriminals are capitalizing on the current climate to steal credentials via unsecured networks. Providing cybersecurity services in Louisville and Bowling Green, ImageQuest recommends that remote workers should use an authentication app from companies such as Duo, Authy, Microsoft, or Google to minimize incidences of data theft.

There’s another epidemic spreading online: COVID-19 related phishing attacks are on the rise. Phishing is an online scam where cybercriminals send emails that appear to be from legitimate companies, and they request confidential information. Remote workers are advised to be wary of coronavirus-related news sites and emails asking for donations to fake coronavirus charities. KnowBe4, a security awareness training platform, has posted examples of well-crafted fake COVID-19 emails. To determine whether or not an email address is legitimate, hover over the address and a pop-up box will appear with the actual email address.

Empowering Remote Workers

Business leaders must also communicate clear and easy-to-follow work-from-home policies to their employees and empower them to respond to potential risks. Remind remote workers to use complex passwords, change passwords frequently, update operating systems, and secure WiFi access points.

Remote workers should be at the forefront of a company’s data protection efforts. ImageQuest conducts training sessions in Nashville, TN, Louisville, KY, and Bowling Green, KY to keep employees up-to-date with current cybersecurity best practices. ImageQuest also offers the following IT security services:

Security Assessment. An expert evaluates current capabilities and recommends a cybersecurity plan based on the company’s needs and budget.
Managed Detection and Response. ImageQuest monitors networks 24/7, analyzes incidents, and rapidly responds to security cases.
User Access Control. Tools are deployed to protect systems from malicious software.
Vendor Security Review. ImageQuest helps businesses evaluate the risks of using a vendor’s product or service.

Cybersecurity threats are continuously evolving. If you are looking for a cybersecurity service expert in Nashville, Louisville, or Bowling Green that can help you navigate the current landscape, visit ImageQuest online or call 888.979.2679 for more information.