Many organizations that eschewed remote work embraced it during the pandemic. Now, despite the abatement of the virus in many areas, organizations realize that adding a remote or hybrid work option to their policies is to their benefit. Not only can they attract more qualified applicants, but they can retain employees who might otherwise leave them without the availability of remote work.
Given that remote work is here to stay, it is important to look more at the cons as well as the pros. We know that remote work is attractive to employees. But on the flip side, as more people log in virtually, remote work is attracting cyber criminals, too. Criminals are finding remote workers an easier target. It’s vital to take steps to safeguard your organization against cybercriminals who can exploit remote workers and tap into sensitive data.
Scammers on the Rise
Scammers have always plagued organizations with all sorts of ploys, but the pandemic seems to have increased their number. Here are some of the newer scams hitting corporations and organizations nationwide. Many of the victims are remote workers.
The gift card scam: In this scam, someone pretending to be an employee, manager, or even the president of an organization messages an actual employee and asks them to purchase a gift card or debit card. The story is typically that the manager/president is in a meeting and wants to surprise someone with a gift card, but they can’t leave the meeting to purchase it. They ask the employee to purchase the gift card online and send them the information via a text or email. The scammers, of course, make off with the information needed to redeem the gift card, leaving the employee with the bill.
The” I lost my password” scam: Criminals know that executive assistants are often entrusted with sensitive information by senior-level executives. Many executive assistants know their supervisor’s birthdate, social security number, or computer password, for example. In this scam, someone purporting to be the manager contacts the assistant and pretends they’ve lost their password. If the assistant is working remotely, they may not be able to ask the account holder if indeed they are looking for their password. Unwary assistants have divulged passwords to criminals who can then enter sensitive systems and make off with data they can resell.
Phishing scams: Phishing scams are still active, and some have gotten more sophisticated. Many arrive in workers’ inboxes and look like documents sent by HR departments. Often, the email includes a link to click to update personal information such as a W9. The link directs the person to a site that captures the personal data and can lead to identity theft.
Other Security Steps to Take
In addition to the proliferation of scams, few organizations have improved their cyber security to protect systems during remote work access. Steps your team can take to secure access to critical information include:
- Teaching remote workers basic home cyber security, such as protecting their SSID (home network) name and password, not accessing public Wi-Fi to link to organization systems, and not sharing a computer with open access with other family members.
- Asking workers to either use company-issued hardware, such as computer purchased laptops, for work related matters, or locking user accounts on shared equipment with other family members by using a password.
- Updating software, including operating system (Windows 11/MacOS) and commonly used applications.
- Avoiding free software and non-company approved downloads of apps or software to organization-owned hardware. Some downloads contain viruses, while others just contain bloatware (excess computer code that slows machines down).
Communication Can Stave Off Many Cyber Attacks
One of the best ways to avoid compromising sensitive data is to ensure that remote workers feel connected to their teammates and free to ask questions at any time. Set up instant messenger platforms such as Slack, WhatsApp, or others to enable coworkers to reach out quickly to colleagues. One quick note (“Hey, are you at a client’s office, and are you really asking me to buy you a gift card?”) can save a lot of headaches later.
Remote workers may be more vulnerable to scams than those working in-person simply because they don’t have easy access to supervisors to check on the story given to them by the scammers. By improving awareness and communication, you can do a lot to prevent cybercrimes at your nonprofit organization.
About Welter Consulting
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.