Best practices for preventing fraud and improving cybersecurity in a remote work environment.
As health regulations and business restrictions evolve during the COVID-19 pandemic, businesses are striving to maintain productivity while adjusting their processes. Unfortunately, this storm of change has created openings for COVID-19 fraud schemes targeting businesses both large and small, and many are facing increased cybersecurity risks.
If your organization has shifted to a remote work environment, it may be time to adjust your cybersecurity plans. Here’s what you can do to safeguard your company and prevent fraud from impacting your business.
Maintaining Processes During the Rush
Supply chains across nearly every industry have faced disruption due to COVID-19 — and with many businesses desperate to keep operating and stay profitable, new or alternate suppliers are in extreme demand. Under this pressure, some businesses may forgo normal onboarding and screening processes, which could leave them vulnerable to fraud or misconduct.
If your business needs to find a new supplier, intermediary, or partner — and fast — be sure to follow your regular vetting processes. If you find a supplier offering a “too good to be true” price or deal, take extra caution. Remind your employees to carefully review the details as they pay invoices or work with new suppliers.
Keeping Remote Systems Secure
As employees continue to work remotely, your company’s communications, sensitive information, and transactions may potentially be transmitted outside of secured business networks. With that in mind, take steps to make sure your business is protecting itself. The Federal Trade Commission (FTC) offers a list of security tips for remote employees including:
- Revisit cybersecurity basics. Make sure your teams’ security software is up to date. Remind employees to keep strong, unique passwords on all devices and apps — a good guideline is at least 12 characters with a mix of numbers, symbols, and capital and lowercase letters. Whenever possible, encourage your employees to enable two-factor authentication.
- Make sure your employees use a secure network. Whether employees are using a home connection or accessing your company network remotely, the FTC offers guidance on how to secure a wireless network.
- Take care of sensitive data, files, and equipment. While working from home, employees may need to access confidential information or sensitive data. Remind them to store any hard copies in a secure location and shred the copies if they no longer need them. Further, employees should password protect their laptops and avoid leaving equipment unattended.
Be sure that your employees understand that when they work from home, their home office is an extension of the company office. Your company’s standard security practices should extend to their remote setup, as well.
The pandemic has led many small businesses to seek financial assistance from government agencies like the Small Business Administration (SBA) for the first time. Some criminals are attempting to take advantage of those interested in Paycheck Protection Program (PPP) loans by posing as representatives of the SBA. In some cases, scammers are contacting business owners to request sensitive data like Social Security numbers, tax IDs, and other sensitive business or personal information.
Avoid falling victim to these types of scams by applying for financial relief only through an established financial institution — ideally an SBA Preferred Lending Partner (PLP). If you have questions or need more information about SBA relief programs or public health mandates, visit an official government site such as SBA.gov.
During these times, business email compromise (BEC) is also on the rise. Scammers may take advantage of remote workers by posing as a colleague or senior staff at your company. For example, a criminal might pose as the CEO asking an employee to approve a wire transfer, as an HR representative requesting personal information, or as an I.T. staff member asking for a password or directing an employee to download software. These ploys could lead employees to release funds or information that threatens the security of your company.
Educate your team on the most common attacks and encourage them to take extra precautions. Remind employees to look for signs that an email could be forged and to always check the sender’s address. Employees should never respond to unsolicited emails and texts or click links or attachments from unfamiliar senders. If you suspect an attempted fraud, report the incident to the FTC.
As businesses face new restrictions, reduced hours, and cash flow constraints, many company leaders have shifted their focus to operations and business continuity. With personnel and resources focused on keeping the business operational, there may be lapses in fraud prevention and security efforts. Perhaps prevention functions were left understaffed, or standard security practices were skirted when making changes to the business.
No matter the impact COVID-19 has had on your business, it’s important to stay on top of fraud prevention and make sure your systems are up to par.
By updating or maintaining your cybersecurity systems and encouraging your team to practice vigilance, you can help protect your business during vulnerable times.