Imagine you’re a business traveler at the airport with a little time to spare before your flight. You fire up your laptop, access the airport’s free wi-fi, log on to your bank account, and pay your credit card bill to free up credit for your trip. Efficient use of time, right? Well, also imagine that you chose the wi-fi access point that looked most likely to be the free airport network from the several options that popped up in your connector – except it’s not. It’s actually a look-alike set up by a hacker, who is now tracking your banking and credit card information, because you’re logged on to his network. Not so efficient, or safe.
Such scenarios are unfortunately all too common. Many people equate “free” wi-fi with “safe” wi-fi, but that is simply not the case. With the connected workplace expanded well beyond company walls, both employers and their mobile workers need to approach online security differently.
Be Mindful of Cyber Risks and Maintain Hygiene
With cyber threats so frequent and diverse, users need to stay mindful of the risks. Many of us are more trusting than we should be when it comes to the internet. And, while everyone enjoys getting “free stuff” – internet access, social connections or interesting content – it’s the nature of commerce that something is extracted in return, such as privacy, web surfing habits, receiving advertisements. If you don’t understand what you’re giving up, you may be surrendering more than you want to.
Also, digital hygiene counts! We use our devices for more and more critical things – mobile work, banking, healthcare – so timely updating of apps or devices is crucial to protecting them. For example, big attacks such as last summer’s WannaCry and Nyetya attacks were completely preventable on devices which had the Windows upgrade that fixed the vulnerability. Yet hundreds of thousands of people didn’t apply the patch! If the lock on your front door was broken, would you wait to fix it? Think of the devices you rely on the same way. Installing updates only takes a few minutes, so commit to making this part of your daily routine.
The Employer’s Responsibility
There are many easy-to-deploy, cloud-delivered services that businesses can employ to help increase online safety. For example, Cisco Umbrella is a cloud delivery service that allows visits to safe websites and prohibits visiting risky ones. Additionally, if your resources permit, your IT department can collect embedded data about what devices connect to your network, and determine which may have become infected when off-net. As your company grows, any or all of these defensive layers can be deployed. Think of it like using a basic door knob lock, then adding a slider lock, then a dead bolt.
In addition, online safety requires having a safe connection. A practical option is for employers to offer their teams the reassurance of a Virtual Private Network (VPN), a highly secure pipe between their devices and your servers. Unless your company is legally restricted from doing this, providing your mobile employees a safe way to get online, even if for personal reasons, simply makes good business sense. Policies and controls can restrict inappropriate surfing, but protecting their devices and keeping malware out of your network increases your company’s overall safety – and productivity.
Even with these defenses in place, stay vigilant about proactively looking for intrusions, which will occur. Be able and ready to react. As with security cameras trained on buildings that already have door locks and badge readers, be sure you have some virtualized “camera” guarding your network.
Combating Human Error with Training and Education
Despite all of these precautions, people will still make mistakes. While first-hand experience is always an effective teacher, employers can help people “get it” when it comes to online security by creating targeted training programs. Communicate proactively about cyber risks in ways that are meaningful to specific job roles. A factory worker will face different risks than a bank teller or a mobile insurance sales person, so adapt training to their unique systems and processes. Then proactively notify employees when it’s time to do patches and updates, and, if possible, give them tools to do so easily.
At Cisco, we work hard to establish a culture of cyber security and to drive the online safety message home to our team. Our Cyber Ninja program encourages developers to earn levels of belts that represent increasing cybersecurity knowledge. We maintain Communities of Interest across the company to build a network of cyber knowledge transfer and mentorship. We’ve deployed Cisco Umbrella on every laptop an employee uses, providing an automatic protective layer they don’t have to think about.
Perhaps the most effective training is the quarterly phishing exercises we email to every employee. Everyone needs to be aware of and skilled on spotting phishing attacks. If someone clicks on a phish, they get immediate training on what they did wrong and how to spot the real thing when it comes. Over several years, markedly fewer employees take the bait.
Cyber safe remote work really comes down to awareness. The internet is an incredibly beneficial resource, but it also is an open, untamed and unregulated environment. Like navigating home through a large city, getting to your happy place online means you must first travel through some higher-risk streets. Act accordingly, and you’ll go a long way toward staying safe online.
October is Cyber Security Awareness Month, and Cisco is a Champion Sponsor of this annual campaign to help people recognize the importance of cybersecurity. For the latest resources and events, visit cisco.com/go/cybersecuritymonth.
Cyber Ninja trainings are good and quite informative