Any holiday season is a cybercriminal’s favourite time of year. While you’re off taking a break, the digital thieves are working hard to steal your stuff.
They know that although the office is closed, many people take their laptops home, along with whatever sensitive documents they may have on the hard drive. These valuable intangible assets are juicy targets for cyber pests and the last thing companies want is for them to be stolen because an employee carelessly logged on to read emails while eating shrimp at the wrong restaurant.
Cybersecurity is a whole-of-business mission. It’s not something that can be left to the leadership team or the IT department. For years, the message from cybersecurity professionals and consultants has been that it is everyone’s responsibility to keep sensitive data from walking out the door. There’s something about being in an office that encourages good cybersecurity hygiene.
However, this discipline seems to evaporate when employees work remotely. Firing up the laptop at home feels more casual, precisely because the home is a place of comfort. When people feel safe, they tend to let their guard down. And that’s when cybercriminals pounce.
According to Alliance Virtual Office, 69% of employees use personal devices for their work tasks while the same amount (70%) use work devices for personal purposes. This kind of muddling is music to the ears of cybercriminals since personal devices often lack the security guardrails that protect work devices.
Tighter rules are needed for remote workers – especially when dealing with intangible assets.
It’s not an easy fix, however, because working from home generally requires staff to engage with sensitive documents or data. There’s no way to avoid this. The only practical safeguards are to ensure that your staff actually know what information is sensitive and confidential, and also to ensure remote workers use a secure Wi-Fi connection (no, this doesn’t include virtual private networks (VPNs) since those come with their own security risks).
The safest place to use the internet will always be behind the firewalls at the office. But, if staff need to work remotely during the holidays, then it pays to remember the hierarchy of safety:
- Internet access at a person’s home will likely be safer than their mobile phone connection;
- A mobile phone will be safer than a hotel Wi-Fi;
- And a hotel connection will be less dangerous than a random café Wi-Fi login.
Sure, this is cartoonish, but it helps frame the kinds of risks lurking out there for unwary remote workers. If it’s not urgent, it can probably wait until you’re using a more secure connection.
Once you’ve found a (relatively) secure internet connection, that’s just the first step. There are many other things you can do to improve safety that don’t require too much more effort.
For example, it may be wise to download sensitive documents onto your local machine, log off the internet and continue to work offline. When you’re ready to go relax by the pool, switch the Wi-Fi back on (only at home), upload the files to synchronise your version with the online copy and then delete the version on your local machine. The point is to limit the amount of time an out-of-office laptop is logged in to a vulnerable internet connection.
And don’t forget to watch out for malicious emails.
While at the office, IT teams will either filter out the nastiest phishing attempts or at the very least quarantine any toxic files that employees accidentally open. Yet, cybercriminals have plenty of clever tools that look for remote workers checking their emails while on holiday.
Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails being sent every day. While most people are savvy enough not to fall for spam, criminals can impersonate your boss in an email and get you to send money or confidential information anywhere in the world. You might be surprised how often people fall for these traps, especially when working from home.
In fact, given the sophistication of phishing attacks, it may be wise to warn staff about opening any email that mentions money. It’s better to err on the side of caution, especially if when not their day-to-day job to move money on behalf of the company.
It’s a bit clunky and with all these checks and precautions, you may even feel like a pilot preparing an aircraft for take-off. However, a little extra security isn’t the end of the world – and it just might avoid an apocalypse.
If you are working remotely during any holiday season, good cyber hygiene may add a few more steps to your day but the alternative could mean the business loses its crown jewels.
Free 1hr Consultation
Intangible assets are a company’s greatest source of hidden value and hidden risk. Make the valuable visible in your organisation.
Sign-up for a free 1-hour consultation today.