The COVID-19 pandemic changed the way that companies operate seemingly overnight. To fight off the virus via social distancing and sanitation, our world of going to an office every day was switched to a remote workforce of people that mostly work from their homes.
While these remote arrangements helped our nation’s companies stay afloat, they also created a fair share of danger in the form of cybercrime. Hackers thrive on chaos, so this was the perfect time for them to take advantage of employees working from home on unsecured networks. The question is, if a cyber breach were to happen while the employee is not in the office, who would be responsible? The company or the individual? We look into that and give a few pointers below.
When thinking about liability in this instance, consider this scenario. If hackers stole the information out of a customer’s bank account, who would be responsible for fixing the issue? The bank that promised security or the individual employee who was the last person to assist with the customer’s account? Typically, it would be the bank that is responsible. If an employee purposely did something to allow the data breach, then they may be the guilty party, but the bank would likely be required to prove that fact.
The same goes for just about any company. Protecting your business is essential because allowing a hacker to steal customer data could be the end of your organization. Even if it was found that a sole employee was to blame due to not having antivirus software at home or something of that nature, the customers would still look at the company for answers. They would probably ask why the company did not care enough to take the proper steps to ensure that they have honest employees and that the necessary safeguards were in place to prevent a breach in the first place.
Placing blame aside for a moment, there are many other reasons why a company should take all the steps necessary to protect its data. For one, repairing your reputation, handling potential lawsuits, and fixing your vulnerabilities could cost hundreds of thousands of dollars, and for some businesses, that may be too much to take. Then there is the loss of trust by your customer base. If your clients can’t trust you, they will likely have no problem going to your competitor and you may lose a customer for life. Needless to say, if you haven’t considered the many costs associated with cybercrime, now is the time.
As alluded to earlier, there could be a case that the employee is to blame if they have been trained, knew the risks, and were still negligent in protecting their home network. But to get to that point, your staff needs to be properly educated. Cybersecurity training should be a part of the employee’s orientation as soon as they start at your company, and it should cover everything from common scams to the settings they should have on their computer.
Once the training is done, have them sign off on the paperwork showing what they have learned and what is expected of them, so you have proof if the need ever arises. On top of that, you can also require your teams to sign a non-disclosure agreement that the company could show in the case that an employee intentionally shared private company or personal information and a lawsuit or criminal charges were brought forth.
Even after the initial security training, continued communication is key to ensure that your teams are always kept up to date on current cyber risks, especially when a majority of your team works remotely.
When employees work on their own, especially if they are distributed over multiple locations, they can start to lose touch with their team leaders, and that is when trouble can develop. Leaders should engage with their employees however they can, which could include email, chat, or over the phone. Sometimes, when speaking about a topic as important as cybersecurity, a face-to-face video conference may be the key so you can really drive the point home. Also, management should have an open-door policy so they can be reached easily if an employee ever has a question about cybersecurity.
Cybersecurity was a bit easier in the old days because an IT team could easily restrict employee computers and watch for potential danger within the office, but now, with employees working all over the country, it is harder to keep track of all potential risks. This is especially true when your employees can work from anywhere, including public places. Employees should be trained on avoiding common scams, such as the man-in-the-middle attack, in which a fake Wi-Fi network that looks like the real deal instead connects directly to the hacker’s computer.
Smart passwords and two-factor authentication are other techniques that can protect company devices if a hacker can get their hands on them, but the best practice is to prevent employees from using company devices out in public in the first place. After all, if they can’t leave their home office, then the chance of misplacing a device or falling for the tricks of hackers is much lower. When employees are at home, ensure that they have antivirus software installed on their computers and that scans are run at least once per week.
If your company is new to cybersecurity, then it may be a smart idea to bring in a certified expert. Cybersecurity professionals are brilliant at finding vulnerabilities within your current systems and recommending fixes to prevent the potential of future cybercrime. If you have the funds, it may be a smart idea to bring an expert on full-time, so you know that you are always protected. In the end, no matter who turns out to be to blame, a data breach at your company is bad for everyone. Take the proper precautions now so cybercrime becomes less of a threat and you can focus on growing your business.