According to a recent Kaspersky report, How COVID-19 changed the way people work, three-in-four (73%) employees working from home during the COVID-19 pandemic have not yet received any specific cybersecurity awareness guidance or training from their employer. Additionally, one-in-four (27%) employees said they have received phishing emails related to COVID-19.
With employees worldwide making the shift to working from home, it is important for businesses to ensure their staff can do so safely. This can be challenging as it takes an abundance of resources to enable secure access to services that staff regularly need for their daily jobs. As such, establishing effective cybersecurity measures is critical as remote working may also bring new risks such as increased spam and phishing attacks, connecting to compromised WiFi spots or the use of shadow IT by employees.
A survey of 6,000 workers around the world has shown that employers may not be explaining to their employees how to avoid becoming victims of cyberattacks. Accidental downloading of malicious content from attacks such as phishing emails can lead to devices being infected and business data being compromised. Many employees have also increased the use of online services for work that were not approved by their IT departments, known as shadow IT, such as video conferencing (70%), instant messengers (60%) or file storage services (53%).
Andrey Dankevich, senior product marketing manager at Kaspersky mentioned that It is difficult to keep things ‘business as usual’ when everything needs to change so dramatically. While the employees are trying to get use to the new reality of working from home, IT and cybersecurity teams are under pressure to enable them to continue working safely. Cyber-incidents can only add difficulties to this challenge, so it is important to remain vigilant and make sure remote working is also secure working.
Kaspersky advises the following recommendations to help businesses enable secure remote working for their employees:
-Ensure your employees know who to contact if they face an IT or security issue. Pay special attention to employees that have to work from personal devices and provide them with dedicated policy and security recommendations
-Schedule basic security awareness training for your employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home
Take key data protection measures to safeguard corporate data and devices, including switching on password protection, encrypting work devices and ensuring data is backed up
-Ensure devices, software, applications and services are kept updated with the latest patches
-Install proven protection software, such as Kaspersky Endpoint Security Cloud, on all endpoints, including mobile devices. It also helps ensure that only approved online services are used for work purposes, reducing the risks of shadow IT