April 15, 2020 | COVID-19, Cyber Security, Industry Insights | Jason Palumbo
Employees Working Remotely? Step Up Your Cybersecurity
The fallout from the COVID-19 pandemic in lost lives and economic disruption is tremendous. The pandemic has also caused unprecedented changes in the way we work. Many individuals throughout every sector of business are now working remotely. This includes the transportation sector, particularly as more state governments across the country impose stricter guidelines to stem the spread of the coronavirus. According to the National Customs Brokers and Forwarders Association of America (NCBFAA), customs broker and freight forwarder offices – large and small – throughout the United States are increasingly having employees work from home. The trade has shown confidence is the industry’s paperless environment, with the use of email, electronic data interchange (EDI) and blockchain, all of which enables documents to be scanned and transmitted securely online between parties.
While it is tremendously positive for business that many of us are able to conduct work remotely, it’s important to remember that cyber criminals are looking to exploit an environment that falls outside of the usual boundaries of IT security. With the increased use of personal internet service and personal devices that lack the accustomed level of security, a company’s IT infrastructure can be exposed to greater risks. Therefore, cybersecurity needs to be a top priority for every organization. This includes reviewing your data breach response plan to ensure it reflects remote workers. If your response plan or company policies and procedures don’t address remote work, now is the time to establish clear guidelines covering remote access to your company information systems and the use of personal devices. In addition, review your incident response plans to ensure your organization is prepared to respond to a data breach or security incident.
Managers and all employees should also be familiar with applicable security guidelines, plans, and policies. Following are several measures you and your workers should be taking to mitigate the risk of a cyber breach while working remotely:
• Safeguard all data related to confidential business information, trade secrets, protected intellectual property, work products, customer and employee information, and other personal information.
• Provide remote cybersecurity awareness training, including on how employees can detect and handle phishing attacks and other forms of social engineering. Phishing and email scams are on the rise on the heels of the coronavirus. According to research from Barracuda Networks, the number of attacks from phishing scams grew from 1,188 in February to 9,116 in March, a 667% increase. More than half of coronavirus-related phishing attacks are scams, 34% are brand impersonations and 11% represent blackmail business email, according to the report.
• Office devices brought home should not be shared with or used by anyone else in the home. This will reduce the risk of unauthorized or inadvertent access to protected company information. Be sure to lock your computer, tablet, or phone when walking away from your device.
• Ensure that VPNs are properly patched; as more and more companies rely on VPNs, opportunistic, malicious actors are finding and exploiting vulnerabilities.
• Require security software on employee devices and ensure that all versions are up to date with all necessary patches.
• Regulate personal-device use. Company information should never be downloaded or saved to an employee’s personal device or cloud services.
• Avoid using unsecured public wifi networks. Most employees working from home should have a secure wifi network. Working on an unsecured public wifi network increases the risk for bad actors to collect confidential information.
• Don’t forget to back-up your data. Data can be lost or maliciously encrypted with one wrong click on a link. A Ransomware attack could wipe out an entire system. Backing up your data will help you restore your services if necessary.
• Consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These solutions help manage and secure mobile devices and applications, and can allow organizations to remotely implement a number of security measures, including data encryption, malware scans, and wiping data on stolen devices.
• Keep IT resources healthy and well staffed. When more employees than normal are working remotely, or remote work is new to an organization, IT resources may be strained and required IT assistance may increase.
• Remember, HIPAA and other similar laws still apply in the event your employee or customer health or personal data is compromised.
In assessing your cybersecurity plan, make sure you review your Cyber Insurance Policy. Cyber insurance can be designed to respond in the event of a cyber incident, covering forensic and notification costs, legal fees, fraudulent wire transfers, and third-party liability. Cyber insurance may also cover business interruption, regulatory fines, and crisis management if the loss is a result of the cyber incident.
Roanoke Trade specializes in the transportation industry, providing insurance products and bonds to freight forwarders, property brokers, logistics service providers, and customs brokers. Please contact us at 1.800.ROANOKE (800.762.6653).
Sources: Freight Waves, DIVE, Mintz, SHRM