How often do your employees work from home? And what about their favorite coffee shop? Or maybe the commuter train? Depending on the employer, or the number of weekend hours dedicated to work projects, employees can be logging on from a variety of locations on any given day.
And that means businesses and their IT teams are responsible for making sure they treat all employees as remote (sometimes) and train them properly in how to keep corporate data on their endpoints secure no matter their location.
Take coffee shops—ones that offer free connectivity. Here’s three common ways in which employees working from a cafe can put business data at risk:
- Free, public, wi-fi hotspots are obvious weak links. Cybercriminals have been known to set up a fraudulent link that is similar to the one used by the café or coffee shop. Hotel lobbies are also among the places that can be targeted by would-be hackers. Requiring employees to use a VPN is the simplest way around this challenge.
- Employees could also be victims of shoulder surfing -- a form of data theft where cybercriminals steal personal information by looking over your shoulder. It is relatively easy to eavesdrop on someone in crowded places, as they enter passwords on their laptops.
- Finally, if an employee connects to the coffee shop’s unsecured WiFi, they could be hit by man-in-the-middle attacks in which the attacker secretly intercepts and relays messages between two parties. It is often used by attackers for stealing login credentials.
Training, testing baiting: Bring employees up to speed
Experts believe that companies can lessen the likelihood of such threats by making sure employees are trained on proper cybersecurity protocols. This is exactly where cybersecurity awareness trainings can come in handy.
Whether you devise in-house trainings or recourse to a third-party security awareness training, when done correctly, such programs can strengthen a company’s cyber defenses.
But building a cybersecurity culture isn’t limited to implementing security awareness programs. As humans continue to be the weakest link in the security chain and SMBs become more vulnerable, here are five basic cybersecurity best practices that you should teach your employees to help protect your business and secure its data:
- Don’t leave your laptop or desktop unattended. Your laptop should have a screensaver set up that locks automatically and requires a password to prevent unauthorized access.
- Be wary of emails requiring urgent action and asking you to click on links. Don’t click on unverified links or download suspicious apps.
- Do not ignore software updates, especially antivirus updates that contain the latest files needed to tackle new viruses.
- Be certain that employees understand that they should not share passwords with coworkers. If a coworker accesses sensitive information using your password over public network, it could leave them susceptible to attacks.
As social engineering tactics get more sophisticated, it is imperative to employ proactive plans for backing up sensitive data. Investing in a cloud backup service like Carbonite will ensure your data is securely backed up.
