You’re working for your employer from home, as you have been doing for close to two years. You’re pushing to meet a deadline, and you distractedly answer the phone to hear someone say they are from your company’s IT department. There is a problem with your network, they tell you, and then they ask for permission to log into your system remotely to fix it.

Are you in the frame of mind to question the legitimacy of this request? It is possible that a fraudster is trying to deceive you to gain access to your computer with the goal of causing harm to you and your company, but if you haven’t been guided to think through your choices, you may become the victim of a cybercrime.

Training employees to be on guard for these kinds of risks is crucial for businesses seeking to optimize their cybersecurity, and all the more so at a time of pervasive remote work, says Theo van Wyk, head of cybersecurity for CDW Canada. Protecting assets and data from attacks requires a layered system involving what he calls “the triad of a healthy cybersecurity posture.” The three pillars are people, processes and technology.

“It’s usually vulnerabilities in one or a combination of those pillars that attackers use to commit fraud or to steal data,” says Mr. van Wyk. “So companies need to address all three to reduce their risks.”

Arming your people with the knowledge and attitude to detect a potential fraudster is often “the first and last line of defence,” he says. “Human error is the most common cause of cybersecurity breaches. So you need to train your users to detect various types of fraud attempts and react appropriately.”

Setting up formal processes for dealing with scenarios similar to the one described above adds further protection. When people are working from home, they can flounder or even panic when they are not prepared to assess an unusual occurrence. “If you’re working in an office, the process is different. You’re often within walking distance of your IT Help Desk or can seek advice from a colleague,” says Mr. van Wyk. “At home, without a clear process to guide you, you can more easily make a potentially costly mistake.”

From the technology perspective, remote work can often elevate cyber risks, he says. “For example, a failure to regularly update employees’ computers with the latest security patches creates vulnerabilities that attackers are known to exploit.”

Cyber attackers are typically seeking a financial payoff, and they use various methods to achieve that goal. One is a ransomware attack, in which the criminal gains access to a system, encrypts the data and demands money to decrypt it. Another is to gain access and threaten to release sensitive or competitively important information unless a payment is made. Often, fraudsters use some form of “social engineering” to get access in the first place, which means they trick you into thinking they are someone you would be inclined to trust.

“We advise companies to embed the concept of ‘zero trust’ into their technologies and processes, for example, through multi-factor verification,” Mr. van Wyk says. “And they also need to educate their employees to not implicitly trust when they receive an out-of-the-ordinary request.”

Another important issue in terms of people is the need to create a culture where employees are encouraged to report a breach.

“The cost or severity of the damage from a breach increases exponentially the longer the attacker is allowed to dwell in the network,” Mr. van Wyk says. “It’s important that employees feel comfortable reporting what has happened. A quick response can often quickly shut down the attack in a short amount of time and minimize or eliminate the negative impacts.”


Advertising feature produced by Randall Anthony Communications. The Globe’s editorial department was not involved.