Employee Cybersecurity: Prevent Holiday Shopping from Compromising Your Network

employee-cybersecurity-blog

Employees are continuing to work from home as more and more cases of the pandemic come to light. This increase in cases means that working from home is going to continue for more businesses and industries well into 2021. Now, with so many employees working from home, network security has become an important topic of consideration for all business leaders. With the holiday season fast approaching and an increased emphasis on online shopping, what can businesses do to re engage employees and increase their cyber security posture to avoid an attack during this time?

Why should businesses be concerned about the holiday season, online shopping, and employee activities now in comparison to other years? Well, it all comes down to how employees are using their corporate devices and how they are maintaining or ignoring the corporate cyber security policies. In a recent study by AT&T, one in three (35%) of the employees utilize the same devices for both work and personal uses while 24% are sharing or storing sensitive information in unsanctioned cloud applications. These are major red flags for IT teams who are trying to ensure that each employee is safely connecting to the network during the day. For example, if an employee follows their company protocol and connects to the network via VPN during the day to complete daily business operations, but disconnects from this VPN during the evening as they are browsing the internet or making purchases in preparation for the holidays, they are putting this device at risk. At any time they are browsing the internet, they could stumble upon a malicious or fraudulent webpage, believing it is authentic, and compromise device access or their own personal information. This is not limited to employees using these devices, as the AT&T survey found, with 18% of the employees sharing their devices with another family member.

Another big risk during this time will be employees who have had to use their own personal devices during this time. IBM recently released a Work From Home Study, where 53% of respondents admitted to using their own personal devices while they are working from home. In addition to this staggering statistic, 61% of those who are using their personal device admitted that their employer has not provided tools or systems to properly secure their devices during this time.
 
employee-cybersecurity-blog
 
What can IT Teams and business leaders do during this time to secure their network devices, employees, and business data?

Conduct a VPN Audit – IT Teams should routinely conduct a VPN audit to ensure which devices are successfully connecting to the VPN client and which devices need additional help or security. This can easily help IT teams and leaders work with employees who are still struggling to securely connect to the network. During these audits, employees may share important information, such as video delays, audio drops, or long webpage load times that have contributed to why they no longer connect to the corporate VPN. Taking this information into account can give an IT team a complete picture of their network outside of simple data and reports.

Extend Employee Training – Employees need thorough and comprehensive training about their company’s cyber security policies. Employees also need to understand the impact that a single data breach can have on the company. Clearly outlining the depth of access an employee has within the corporate network, and in turn, the access a cyber criminal could have is a sobering illustration for any employee. IT Teams and leaders should follow these training sessions with useful tools for spotting phishing emails, malicious links or corrupted files.

Revisit Network Use Policies – Many businesses have filters, blocks, and alerts set up when an employee accesses an inappropriate or unapproved website while connected to the network at work, but times are different. IT Teams and leaders should revisit the list of acceptable sites, with the new understanding that they want employees to remain connected to their VPN client. Opening access to other sites, such as social media, Amazon, or other media sites, will likely mean less employees disconnecting their VPN to access these sites and opening their devices up to threats.

As employees continue to navigate through the rest of this year, and with holiday shopping, browsing, and online family dinners in the near future, securing these devices and how they connect to the network is going to be essential. IT Teams have worked diligently all year to meet business needs in times of transition and chaos, but now is not the time to lose focus of emerging threats and lurking cyber criminals.