The holidays are not only a prime time for shopping, it is also one of the best times of the year for cybercriminals to attack. Organizations large and small remain vulnerable as more employees work from home.
In fact, the threat will continue to challenge startups and small businesses as they consider future plans for their workforce, with 56% planning to have some of their employees work from home permanently.
The reality is, the line between one’s work and personal life has become blurred. Employees can be targeted for both their personal information and their company’s data. From phishing attacks and credential stuffing to the increasing number of COVID scams, employees are the gateway to potential organizational risks, even if they don’t know it.
With devices and applications introduced into workplaces that are not managed by the IT department increasing and people leveraging their work devices for personal online activities, it is more important than ever to ensure every access point to your business is protected. It’s vital that you enhance your company’s cybersecurity practices, starting with enforcing basic cyber hygiene and raising awareness of the risks employees face.
There are several steps entrepreneurs can take to keep their businesses running securely during the end of year rush, including:
- Don’t overlook the basics. Start with cybersecurity hygiene. Make sure all software deployed to employees is updated and working correctly; regularly update firmware and anti-malware and ensure that all data backups are up to date. Tracking all applications being accessed should also be part of the cybersecurity program, as many threat actors target unattended apps.
- Adopt single sign-on (SSO) and password management. There is no doubt that passwords are a hazard to your business. Employees tend to reuse the same weak passwords across accounts. SSO can simplify managing account access to work applications and provide employees with an easy and secure way to log in, no matter where they’re working from. SSO connects users to apps and systems without the need to create and remember passwords. Instead, a user only has one password to remember: the password to access his or her SSO portal. Of course, the goal is to secure all entry points to the business, which includes those apps that aren’t mandated by IT or can’t be authenticated through SSO. This is where an enterprise password manager comes into play, helping users manage all their other passwords.
- Enforce multi-factor authentication (MFA). There are different types of MFA, but at its core, MFA adds an additional layer of security by requiring a further login step. MFA leverages different factors (such as a code) to authenticate who is accessing a device or application. The employee would complete two or more factors in alignment with the MFA policy, while IT can rest assured they are giving access to the correct people.
- Create a security-aware culture. No matter what technology you have in place, you are still vulnerable if you do not bolster online security through employee awareness. Without security awareness and educational resources, employees may not understand how to identify a phishing email or malicious links on a webpage. Providing teams with cybersecurity training to help them recognize threats, understand their personal and corporate risks and what role they play within the security of the full organization, will help create a security-aware company culture.
Getting cyber ready
As employees continue to work from home and the line between personal and work life continues to blur, especially during a holiday shopping season, protecting a company’s assets is more important than ever.
Cyber hygiene, security trainings and simplifying access and adopting the right tools to authenticate employee identities are key steps to maintaining control and securing company assets through the holidays and beyond.