Your staff is working from home. You’ve scheduled regular video check-ins. You are still coming up with a plan should this crisis go on for a long time. But how much time have you spent thinking about cybersecurity? Cyber thieves love a crisis. They know you are distracted.
We got a taste of this when word got out that Zoom teleconferences weren’t all that secure. So, its a good idea to spend a little time thinking about whether your work at home strategies have unknowingly created opportunities for the bad guys who want to steal your data….or worse.
You might have a tech person who is generally in charge of such things, but there is a good chance that he or she is now trying to keep people online from remote locations.
There are some basic things you can do to help protect your organization.
- Remind your staff to be on the lookout for phishing emails that might pretend to offer directions on dealing with the pandemic or any other subject.
- Make sure your devices have the latest anti-virus protection. That includes personal tools that are now regularly connected to workplace servers. Provide instructions to your staff as needed.
- Is your organization using VPN software? A Virtual Private Network, allows you to create a secure connection to another network over the Internet.
- Use multi-factor authentication whenever possible. These are becoming more and more popular. Multi=factor authorization provides a user access only after providing two or more pieces of evidence to an authenticator. That could be your password, plus a code sent to your phone.
- If you have to work on a public WiFi, don’t share any confidential or sensitive information.
- Be sure that because of frustration, that your employees aren’t using risky workarounds just to get their work done.
- Be especially careful of how donor data is being handled. Do not allow employees to take checks home to enter. That violates many safety protocols. Perhaps you can work with your bank so that they actually process all of the checks sent to them on your behalf. As the end-user, you get a report of all transactions without actually touch a check. (Shameless Plug: See the chapter on PCI compliance for information on handling donations and credit cards in my book, “The Public Media Manager’s Handbook“).
If your organization doesn’t have a security professional to help you, find one. This is not a time to take chances.