When Employees Are Working Remotely: Four Cybersecurity Risks Nonprofits Must Know

According to a recent Gallup Poll, 62% of Americans employed during the pandemic are working from home — a shift that includes temporary and permanent changes to a company’s workforce.

It seems as though almost overnight, the nonprofit sector moved the workforce from familiar offices to remote spaces. And while this may have provided a safer environment, it has also increased opportunities for cybercriminals to hack into systems. For most nonprofits, having little or no preparation has created greater risks by way of unsecured Wi-Fi connections, the use of personal devices, and operating on web conferencing platforms without the proper data security controls.

The fact is, COVID-19 has changed the way nonprofit employers view staff who are working remotely from homes and other locations. And while organizations may have strong cybersecurity measures in the office, they may not be aware of additional exposures associated with employees working remotely. The following are key risks nonprofits should be aware of when it comes to employees and volunteers who are working off premises.

Low security for network connections. Typically, most organizations use strong and continually updated network connections to help keep information secure. However, this isn’t always the case for employees who are working remotely. To better safeguard information when working off premises, employees should always access data via the organization’s virtual private network (never a public Wi-Fi network) and use multiple authentication processes and strong passwords.

Phishing. Cybercriminals are taking full advantage of employees who are not able to quickly verify emails from their colleagues or those who are not automatically blocked by a firewall. Organizations need to train employees to open emails only from trusted sources while working remotely, as opening unverified emails or attachments can allow hackers to access sensitive material on an employee’s computer and hard drive.

Employee-owned devices. Organizations should have remote employees use only devices that are owned and maintained by the company. The fact is, home computers and other devices may not have strong security or updated software, which could potentially harm the organization’s data.  If it isn’t possible to provide company devices, organizations should take steps to make sure employees know best practices for safeguarding data and mitigating cybersecurity risks.

Outdated procedures. With job situations changing so fast during COVID-19, many organizations had little time to create or update their cybersecurity policies. Now that many nonprofits are beginning to slowly reopen, it’s important for employers to take the time to establish a clear and updated remote work policy to ensure data security. This includes employees knowing what tools and platforms are secure when accessing data as well as where to turn if they believe a breach has occurred.

Today’s business culture has changed and will likely remain different for the foreseeable future. Nonprofit organizations should be taking the necessary steps to ensure their employees and data are secure.

In these unprecedented and uncertain times, the entire team at Charity First remains committed to providing our retail partners across the country with best-in-class underwriting, consistent and responsive service, and risk management services. To learn more about our comprehensive cyber coverage products, please contact us at 800-352-2761 or marketing@charityfirst.com.