fr
Expertise
Programs
O&G Group
Claims
Careers
Blog O&G
Contact Us
Payment
Commercial insuranceCyber
Telework: Protecting your Company and Employees from Cyber Risk
Par Éric Legros

The pandemic seems, at last, to be receding from our communal landscape. Yet it has left behind some lasting effects. One of these is the way we work.

Instead of going to the office every day, many employees are now fully or partially remote. 

But the transition to telework, while it does solve a number of problems, has created others. One of these problems is a heightened cybersecurity risk.

Hackers and scammers have taken full advantage of the vulnerabilities inherent in this transition. According to statistics reported by IT Chronicles, over 65% of all companies suffered at least one cyber attack during 2020. And ransomware attacks have been increasing at a rate of 400% each year.

So what can you do to keep your company safe? How can you decrease vulnerability to cyberattacks when your employees have transitioned to telework?

If you own a company, here are some guidelines to protect your employees and your company. 


Require remote employees to use a VPN

Insist that remote workers connect to your company’s Virtual Private Network (VPN) when working from home. 

It’s equally important to maintain the strength and security of your VPN by training all remote workers on good security practices (more on that later) and upgrading to more secure authentication methods. Some possible solutions: requiring the use of smart cards and/or upgrading your encryption method from Point-to-Point Tunneling to Layer Two Tunneling Protocol.


Use strong passwords

Train employees on the importance of using unique and complex passwords which they are required to use in order to access your company network and data. These passwords should be used on all devices, including cell phones. This is the simplest and most effective defense against a cyberattack, and yet it’s often neglected. 

Encourage the use of password management software that makes it easier for employees to create and remember their passwords.


Be aware of email scams

One common scam involves the use of fraudulent email messages for phishing. Educate your employees on the dangers of opening an email from an unknown source. They should also avoid suspicious links or attachments that they receive via email. Emails that ask for sensitive information, such as login credentials or banking data, should be viewed with extreme suspicion.


Update your cybersecurity policy

The shift to telework happened so rapidly for some businesses, that they did not have time to make needed changes to their policies. If you have not already done so, it’s important to look at your work-from-home security policies. If you don’t have a document specifically addressing telework security, it’s time to formulate one. These should outline your policies on Bring Your Own Device (BYOD), cloud storage, email, and the use of remote desktops and applications.

Consider banning the use of personal devices for remote work

One of the biggest threats to cybersecurity is the use of personal laptops and smartphones. By downloading a document on their personal computer or sending it to their private email, employees can make you vulnerable to attack. If possible, the safest option is to only allow the use of company devices for remote work. Company computers and cell phones should be issued to employees and then set up and monitored by your IT department.

 

Use multifactor authentication

Multi-factor authentication validates login credentials, ensuring that only authorized users are connected to your network. This provides an extra layer of protection to your VPN against phishing and other kinds of cyber attacks. You can use it for your cloud-based data and services, too. Also consider only giving each employee as much access as he or she needs.


Provide training

Train every employee on the basics of cybersecurity. Part of that training is raising their awareness of common phishing schemes, how to recognize them and prevent them. Cybersecurity training should be an essential part of the onboarding process, combined with frequent refreshers for established employees.

 

By following these precautions, you can ensure a safe and productive remote working experience for you and your staff.

General insurance
Insurance and the Sharing Economy in Quebec
Par Éric Legros
En savoir plus
Cyber
Cyber Risks : Threat Vectors Facing your Business
Par Éric Legros
En savoir plus
Cyber
Cybersecurity: the Importance of Using Multi-Factor Passwords
Par Éric Legros
En savoir plus