There are many risks companies face with work-from-home employees. We will focus on the top two risks you should address now: phishing and compliance. You can download our free guidebook to get a more in-depth summary and three more risks you don’t want to overlook.
We know not everyone has time to dive into our guide, so we wanted to cover two subjects we feel businesses need to look at.
If you use email, then you are at risk of being phished. A quality email and spam filter can eliminate many of these emails before they ever reach your employees’ inboxes.
The best defense against phishing is education. When training Secret Service officers to recognize counterfeit money, the most effective technique they use is studying legitimate United States Dollars. There are so many variations of counterfeit bills that knowing all the characteristics of real money allows them to spot counterfeit bills more effectively.
Human error remains the single greatest reason for data breaches. Social engineering and phishing schemes are aimed at the individual user and are delivered to their email address. The groups behind these malicious campaigns are counting on a mistake.
They are counting on your employee to click a link or open an attachment. They want them to save a file, fill out an online form or install an application.
Training your employees will enable them to recognize scam emails. Employees who regularly participate in Security Awareness Training are less likely to open attachments, fill out private information and click on links.
Recent Facts Regarding Phishing Schemes
Email is the primary delivery method for malicious software, with an estimated 94% of infections being delivered via electronic messaging. Phishing has increased over 600% in recent weeks.
Scammers have a bunch of new content and subject matter to draw from. Covid-19 stimulus, Covid-19 tracking websites, and other scams involving Coronavirus continue to emerge. This trend shows no signs of letting up and will soon evolve to include Covid-19 debt relief.
No one can predict what technique scammers will use, but here are some things to look out for:
- Covid-19 Debt Relief
- Covid-19 Mortgage / Rent Forgiveness
- Covid-19 Tax Rebate (Refund)
- Scams suggesting a company or celebrity will give a product or money away if you sign up
- Census scams
- Other potential Covid-19 scams
Again, it is impossible to predict precisely what messaging scammers will use. We can, however, look at previous events and try to make some educated guesses. What we want to avoid at all costs is falling victim to one of these malicious email campaigns and allowing the scammers to extract data or any financial resources. Scammers can make money from the data they obtain from you.
If your business has healthcare records, or your business accepts credit cards as a form of payment, then your compliance requirements are still in effect. You can stay up to date on PCI compliance by visiting their site, and you can also get an overview of the HIPAA security rules here. It is important that your employees are reminded of this and advised to adhere to your previously established policies.
If a security breach occurs, or a PCI or HIPAA violation is suspected, your company will have to provide details on what steps were taken to protect this sensitive data. Failing to produce the appropriate documentation of what safeguards were taken could result in substantial fines.
If you absolutely must, install a trial of a managed anti-virus product so you have some reporting and have additional protection.
The single biggest step you can take to avoid falling outside of either PCI or HIPAA compliance is to mandate that employees are prohibited from downloading data to their local workstations. If the data is kept in a safe place such as the company server, it is easier to protect and ensure all your data is being backed up.
Data is at the greatest risk of theft or compromise when it is downloaded locally. Servers typically are configured with security in mind and are protected with regular backups. Desktops, by contrast, have an inherently higher risk due to their configuration, coupled with the fact that your employees’ computers could be outdated, have expired anti-virus or be shared with other family members.
Be sure to download our complete guide for a more in-depth analysis of the 5 risks your company must evaluate now, in order to stay protected.