Paubox blog: HIPAA compliant email made easy

Cybersecurity risk management: How companies are responding to COVID-19 and remote work

Written by Sara Nguyen | November 19, 2020

A recent study by Visual Objects shed some light on how companies responded to new security risks due to more employees working remotely during the pandemic.  SEE MORE: Cybersecurity Challenges of Remote Working With the rise of remote work, companies had to ensure that their employees were safely and securely able to work from home. IT had to adapt networks rapidly to accommodate this change.  Keeping IT infrastructure safe from cybercriminals is a huge priority—especially in the healthcare industry that deals with sensitive data like protected health information ( PHI ).

 

Best practices

Per the Visual Objects' report, here are five best practices that companies are implementing to reduce their cybersecurity risk as people remotely work from home.

 

1) Take work devices home and don't use personal devices

The survey revealed that 66% of employees took home their work computers and devices. This keeps their professional and personal data separate from each other. However, a third of the workforce are using their own personal devices to work from home. This BYOD (Bring your own device) practice has been a trend for several years since employers have noticed improved productivity, efficiency, and workflow. Yet it comes with the price of a potentially unsecured network. If your employees are using personal devices, make sure they have the right security installed, like anti-malware protection, to secure data. SEE MORE: Why BYOD Protection Is Important for Healthcare

 

2) Use a secure WiFi network

According to the survey, a secure WiFi network is the most prevalent cybersecurity practice that companies used. But not all companies are mandating their employees to use a secure WiFi network.  This could be a dangerous mistake since public networks are vulnerable to attacks from hackers.  Hackers can infiltrate an unsecured network and launch malware , worms , or look for security gaps to obtain information. Requiring your employees to use secure WiFi networks is a simple and effective way to keep your cybersecurity strong. SEE MORE: The Top #5 Tips for Securing Your Home Network From Cyberattacks

 

3) Train employees on phishing scams

The most significant security risk isn’t related to your IT system; your employees are prone to human error and falling victim to email scams. SEE MORE: Hacking and Human Error: Two Enemies of HIPAA Compliance Email phishing scams are a popular method for cybercriminals to get into your network. All it takes is for an employee to click on a link or open an attachment for ransomware to infect your system. Employee training is crucial to prevent ransomware . Your employees need a keen sense of awareness to recognize phishing scams and avoid becoming a victim. SEE MORE: How to Ensure Your Employees Aren’t a Threat to HIPAA Compliance

 

4) Require virtual private networks

Virtual private networks (VPNs) offer an extra layer of security by encrypting data and making it only accessible to other VPN users.  For those working remotely, a VPN ensures that all work data stays within the network and keeps sensitive information safe from unauthorized users.  It’s also a great back-up security tool in the case of a secure WiFi network failure. A VPN removes reliance on an employee’s personal network to keep data safe.

 

5) Utilize two-factor authentication

Two-factor authentication (2FA) is a popular method of keeping online accounts secure. 2FA asks a user to verify their identity twice—first with the password to the account and then with additional verification. The second verification can be answering security questions or receiving a custom PIN through a text message. This is an easy and straightforward way to keep your data safe but still making it accessible to your employees. SEE MORE: Two-Factor Authentication: What Is It, and How Does It Work?

 

Many companies aren’t enforcing any cybersecurity measures

Even though a remote work environment means more security risks, Visual Objects reported that some companies do not implement any safety measures to protect themselves. In fact, as many as 34% of companies haven’t implemented standard cybersecurity practices during the pandemic. They may be worried about the cost or being able to execute new protocols effectively, but it’s worth the trouble to ensure that your remote employees are secure. A data breach can cost you hefty fines for violating HIPAA, and there’s also the possibility of receiving a ransom demand from the hackers in a double extortion attack . It’s much easier and cheaper to implement cybersecurity rules among your remote workforce.

 

How Paubox can help

Healthcare industries have seen a significant increase in ransomware attacks in recent months. Keeping data secure remains a top priority. Paubox Email Suite Premium is the ultimate solution to sending HIPAA compliant email while also keeping sensitive data safe from numerous threats. Our solution seamlessly integrates with your existing email host (such as Google Workspace or Microsoft 365 ) and transmit email with TLS 1.3 encryption , the newest and most secure version of the Transport Layer Security (TLS) protocol. Paubox Email Suite Premium also has inbound security tools to prevent threat vectors from infiltrating your inbox.  We cover everything from blocking display spoofing scams with our ExecProtect and DomainAge technology to setting up data loss prevention ( DLP ) rules to avoid intentional and unintentional data from being sent to unauthorized users. Don’t let your employees fall victim to security gaps. Make it easy for them and you by executing standard security risk management within your organization.
 
Try Paubox Email Suite Premium for FREE today.