As many media outlets like to point out, we have found ourselves in unprecedented times. The covid-19 pandemic has changed how we live in many different ways: masks, social distance, and online learning. A year ago, no one could have predicted this. It is also quite possible that, even when the pandemic is over, some of the changes it has brought will remain with us, for better or for worse. In this article, we will talk about how you can keep your workforce secure from cyber attacks.
Our workplaces were not immune (pun not intended) to the pandemic either. Unfortunately, many companies had to downsize, and many others – if not the most – had to switch their work from the classic in-person/office mode to the virtual one. While that might have affect productivity, the way people interact and bond with their colleagues, and the way people see their jobs at all. It also brings many new challenges and difficulties when it comes to workplace cybersecurity.
As we all know, many people and organizations on the internet are dedicated to hacking, scamming, or even extorting money from people using any means they can. This usually means using computer viruses, convincing trusting people they need to send them money, or hacking into someone’s account to find sensitive info, such as passwords or PIN codes.
Of course, as much as an ordinary person might be in danger of getting hacked, a company might be even more, as it usually has more money and data to lose. The usual measures are taken to prevent that, such as having specific computers in the office used solely for work, having them have the latest anti-viruses software installed, and not worrying if the employees will open a phishing email from their account. Well, those options are not very viable anymore.
Some companies could provide their employees with computers or laptops to take home to work from, but many are not. Also, it means many people who are not very knowledgeable about cybersecurity are now forced to work more on the computer than before. They often use new programs they have never used before or use third-party apps and sites for casual browsing and fun on the same devices they use for work, therefore putting the companies at additional risk.
Many steps can be taken to protect themselves and their companies from cybercriminals, and learning to do it is a vital and necessary step. Therefore, employers need to develop training that will teach their employees how to be careful and how to recognize the signs of any potential scams and viruses.
One of the most important places to start with is email. Emails are a necessity in practically every company, and cybercriminals know that. They will try to contact people in many ways. Using everything from threats (they pretend to be the police or another government agency) to things that will make people happy (they will tell you that you won tons of money and all you need to do to get it is send them some of your data).
Sometimes they will go for the simple ‘click on the link, and your computer gets infected’, and occasionally they will use social engineering to get you to do what they want and send them the info they want. In any case, the main thing to remember is – if it sounds too good or too bad to be accurate, it most likely is.
Talking about social engineering, what exactly is that? Social engineering, also called ‘human hacking,’ is a technique in which people are manipulated into giving away confidential info or performing actions they might not want to do. It has also been described this way: ‘any act that influences a person to take any action may or may not be in their best interests’. Both ‘pretending to be a cop’ and ‘telling people they won money’ types of scams that were already mentioned are subtypes of social engineering. It is a dangerous practice because it relies on human error.
Classic cybersecurity protection protocols, such as anti-virus programs, cannot do anything to prevent it, as they might when you try to click on a suspicious link or access a suspicious website. Therefore, employees must be trained to refuse to give out any sensitive info to strangers and confirm any colleague’s or even the supervisor’s identity before sharing any information.
Another essential thing to remember is that it is always better and more comfortable to prevent a problem than resolve it once it had already caused harm. Thus, employees must also be trained to understand what consequences their virtual actions might have and that even harmless things on the internet can force them and their companies lots of trouble.
By having all of the employees, from a newbie to a CEO, of a company take active responsibility for the company’s cybersecurity (and every other kind of security), a safer environment can be created for everyone, saving everyone from potential headache, money, or even job loss.