A recent Twitter hack affected the accounts of several celebrity figures, including Barack Obama and Kanye West, and highlighted the need for businesses of all types and sizes to stay vigilant about cybersecurity as more workers and vendors work remotely.
When shelter-in-place orders arose in March, many businesses very quickly moved to remote work, sending workers home with laptops that lacked proper anti-virus and security software and then never doing anything about it.
In many cases, workers are using their own personal devices to conduct business transactions. Those devices are even less likely to have proper protections in place, and they are more likely to be vulnerable if they are being shared with other family members at home.
In the Twitter incident, the hackers engaged in a planned attack and accessed the direct messages of 36 accounts of workers with administrative access.
The increased level of distraction during remote work likely made those workers more vulnerable, in that they might not have been as likely to properly identify phishing messages or calls as security risks.
Even if you think you have security software enabled on the devices you and your workers are using, be aware of how the software works. Some security software is set up to identify hackers by tracking the day-to-day habits of the user. That might include what days and times of day the system is in use and for how long. Systems set up that way might become less effective now that remote workers’ patterns of device use have drastically changed.
Protecting your business systems from attack starts with training your workers. Set up a virtual session to educate everyone about system security and procedures to protect company data.
It’s never too late to implement security measures. Purchase subscriptions to anti-virus software for everyone and implement two-factor authentication.
If you don’t already have it in place, consider using either a free or paid end-to-end encryption service. End-to-end encryption provides a secure line of electronic communication that is protected from third parties and only accessible by the sender and recipient.