Security Steps

There’s no question that the pandemic has made remote work more of a necessity than ever before, a situation that has led to a rise in cyber security risks. According to “Cyber Security: Protocols for Manufacturers during COVID-19,” produced by the National Association of Manufacturers, the COVID-19 work experience can create unique vulnerabilities for companies, as employees’ home networks may not be secure as traditional business networks.

What kinds of cyber risk are there?

There are many kinds of cybersecurity risks. According to NAM’s report, some of the most common cyber threats include ransom or ransomware, an attack during which a third party infiltrates a company’s network, and remotely holds a company’s files or systems hostage, restricting access until the person’s money demands are met. Additionally, a phishing scam can arrive in the form of an email, or attached document, that seems to be from a trusted source but is designed to allow a third party to steal the email recipient’s, or the company’s, information.

What can an employer do?

1. Update all systems. eSentire, a cybersecurity firm, recommends that companies ensure that all computer systems are up to date, including workstations and servers. The firm also recommends restricting the downloading of applications.
2. Create a closed or segmented network. NAM’s guidelines also recommend implementing a virtual private network, or VPN, for home network users. This kind of network is closed, securing it from outside users and offers a secure and encrypted connection between devices and the company server. A company can also divide its network into several segments that are not connected, which limits the impact of a data breach in any one segment.
3. Train employees. Both NAM and eSentire emphasize the importance of employee training. This includes making staff aware of the ways to securely access the company’s systems, and what current cyber threats look like. Sending employees “tests,” such as practice phishing emails, is one tool to gage employees’ understanding.

What can employees do?

1. Follow email best practices. As stated, phishing scams are a common type of cyber-attack that employees should be aware of. The IT solution firm designData recommends that users always hover over links in emails to make sure they’re legitimate, and to never click on an attachment until the reader determines that the email is legitimate. Users should also distrust emails that have threatening language or ask for personal information, they say.
2. Change passwords. According to a 2019 Verizon data breach report, 81 percent of data breaches resulted from stolen or weak passwords. designData recommends that users ensure that all accounts have different passwords, with a length of 15 characters or more. The firm also recommends password managers, such as LastPass, that generate unique passwords for all accounts, as well as two-factor authentication applications that require users to provide two pieces of information in order to access an account.