When the pandemic struck in 2020, many Americans adjusted their routine to work from home. This transition sparked significant change in how employees operate. Early morning stops at the café became quick trips to the kitchen, while slacks and dress shoes were swapped for loungewear and slippers. Unfortunately, one important change flew relatively under the radar: employees began conducting business on their personal computers and WiFi networks. The switch to work from home means companies now rely on employees’ personal security practices. This in turn make them more vulnerable to cyber threats. As a result, many are implementing more robust cybersecurity crisis communications plans.
In this month’s blog, we look at the cybersecurity threats brought about by the transition to working from home. We’ll also review the building blocks of a cybersecurity crisis communications plan and how such a plan mitigates risk to your business.
Security Risks of Working from Home
So what are the security risks of working from home? One major threat is that employees are using personal computers and cell phones for professional communications. While using a personal computer is not inherently more risky, many of us do not follow the same rigorous security protocols at home as we would in the office. For example, employees are more likely to use weak and/or duplicate passwords on their personal computers. In contrast, I.T. staff often distribute secure, unique passwords for use on company computers. Accordingly, if a hacker uncovers a personal password that an employee is also using for company services (i.e. email or administrative login), the company is now at risk for a data breach.
Another common cyber threat facing at-home employees are phishing emails related to COVID-19. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order induce individuals to reveal personal information, such as passwords and credit card numbers. As a recent article in Forbes reports, the pandemic accelerated the rise of phishing scams, with Google registering 46,000 new phishing sites per week in 2020. (Click here to read the article.) These sites take advantage of people who are confused and looking for further information about coronavirus by baiting them into clicking a link and entering personally identifiable information (PII). Employees working from home may be more susceptible to these sites and less attentive to the risks they pose. Additionally, they may have less (if any) malware protection installed to protect the information stored on their computer.
Cybersecurity Crisis Communications
Many people assume that cyber threats only affect large, corporate companies with higher revenue. In fact, 43% of cyber attacks target small businesses! This is because hackers primarily aren’t looking to drain your bank account. Instead they want your data, which they can then sell at a larger profit. Unfortunately, there is no fool-proof way to protect your company from cyber threats. You can, however, put a cybersecurity crisis communications plan in place to mitigate the fallout from a data breach.
Although we recommend a crisis communications plan for all of our clients, there are specific elements to consider if the crisis involves a breach of clients’ protected data. (Click here to learn more about our crisis management services.) For instance, there are state-mandated protocols for data breaches resulting in a HIPAA violation. If you regularly work in the medical industry, you must know which authorities to alert should this type of breach occur. You should also seek legal counsel before communicating with stakeholders, employees, and the public. Your cybersecurity crisis communications plan should accordingly identify whom to alert, in what order, and establish the tone and verbiage of your message.
Finally, you will need a crisis management team to manage your internal and external communications. This is where Niki Jones Agency shines. Guided by a long-time emergency responder, our team knows how to plan for and respond in times of duress. We will use our knowledge of internet security and public relations to best position your company and address the crisis in real time. This way, you can focus your attention on restoring security measures.
Feeling unsure about cybersecurity? You’re far from alone. Niki Jones Agency can help! Call us today at 845-856-1266 and ask to speak with Niki or Louis.