As your business has shifted to an increase in remote work due to COVID-19, it’s important to revisit what you know about cybersecurity for your remote workers.
The rise in off-site employees has also increased the number of devices and an increase in the use of online conferencing tools. Unfortunately, this also means an increase in cyber attacks and data breaches. Right now, experts are saying the end-user threat has skyrocketed. That’s because thousands of workers across the country have moved from their private networks to their personal computers or devices.
According to one Comcast report, service attacks have increased by 33% as an effort to exploit current vulnerability and behaviors.
One example of this is the Zoombombing. With everyone from schools to both small and large businesses taking to platforms like Zoom to keep their work moving ahead, it has exposed vulnerabilities where uninvited guests can pop in to Zoom chats. While many of these are merely annoying, in some cases, this can be harmful to the business itself.
This isn’t a time to panic or stress, but this is a good time to review what you know about cybersecurity and what you are doing to keep yourself and your business safe.
The best way to look at this is an opportunity to improve your systems so that you and your team can continue working from home or — even enjoy the benefits of a more remote office experience in the future.
SMALL BUSINESS AND CYBER SAFETY
According to a survey by the Cyber Readiness Institute, 60% of small businesses don’t have a cybersecurity policy.
Traditionally speaking, small and mid-size businesses tend to have fewer resources to protect against and respond to these threats because they feel they aren’t as commonly targeted — in the traditional sense.
While your business may not be a target for major data breaches, every individual and small business can still be vulnerable to online threats.
The most common online threats to you and your small business are —
- Unsecured wifi networks
- Using personal devices and networks
- Scams targeting remote workers like phishing emails, websites and apps that can have malware.
Cybersecurity for remote workers doesn’t have to be overwhelming. In fact, we’ve compiled a simple list that will help you get started.
THREE THINGS YOU NEED TO KNOW ABOUT CYBERSECURITY FOR REMOTE WORKERS
The biggest threat small businesses face in cybersecurity is the end-user because, unlike verified private networks or company-issued (and maintained) devices, it’s difficult to ensure how well-protected the worker’s device is. These three-things will help you get started ensuring that your company stays safe during this time.
1. Educate yourself and your team to look out for phishing emails and malware targeting.
In today’s day and age, the traditional phishing emails we remember may seem so obvious, but some of the tactics aren’t so obvious these days. It’s important to educate yourself and your team to look out those tactics.
While speaking on cybersecurity, one Comcast expert shared that the number of URLs has significantly increased during this COVID-19 crisis. This showcases an opportunity for fake sites that might look like they are giving important coronavirus information or updates — or medical information and instead are opportunities to install malware on personal devices.
Simple steps such as making sure sites have the https at the beginning shows that the site has an SSL certificate can make a world of difference.
Phishing emails impersonating trusted sources are especially enticing during times of emergency. When most people are trying to stay up-to-date on what the World Health Organization and CDC or their company is saying, it’s important to remind people of how to spot a phishing email and how to be careful in the process.
Teach your team how to be on the lookout for phishing and work-from-home scams.
2. Do the basics well before trying anything else.
In times of emergency, it’s best to go back to the basics and do them well.
Here are a few basics that everyone (including your small business) should do —
- Use multi-factor authentication on your accounts and services.
This is simple, but effective. Most every resource from Google to Basecamp can facilitate multi-factor authentication.
- Make sure to set access privileges for users where needed.
It’s simple, but it’s important to remember. Set access privileges where possible and where needed. Not every employee needs access to the same information for their job. This can help keep any network penetration from spreading to the entire network.
- Create strong passwords.
Be purposeful in your password creation. It can be easy to focus on passwords that are “easy to remember”, but security is more important. Once you’ve thought it through and done your research, be sure to document that as your policy moving forward.
- Use anti-virus software and install updates regularly.
This is another one of those basics that can make a world of difference. Don’t just put off updates; there’s a reason for them.
- Use tools like a VPN (Virtual Private Network).
VPNs are a basic, but very important cybersecurity tool to protect you and your business. And currently, you’ll be able to get a good deal on your service because the demand has grown with the remote work requirements.
While additional tools such as encrypted communications, securing your router, and backing up your data are also good, the list above is a great place to get started with your new cybersecurity effort.
3. Create a cybersecurity policy — even if it’s currently just you.
No matter how small or large your team is (even if it’s just you), it’s important to create a policy for your cybersecurity.
Here are few questions to get your started in your policy process —
- What are the safety measures you want to take for your internal or team communications?
- Which safeguards do you want in place to protect your client or customer’s information?
- What steps would you take if your device or network were compromised? (What would that look like for your team?)
- Will you require that team members use company-owned hardware?
- How will you ensure end-user safety in your network so your business isn’t compromised by a remote worker’s compromised device?
- What training or updates will you want to put in place?
Those are just a few things to consider. The goal is to think through the process and determine what policies need to be put in place same as any other training or employee on-boarding.
CYBERSECURITY MOVING FORWARD
Tackling things like cybersecurity and pivoting during a pandemic can seem overwhelming, but there are also great resources we’ve assembled to help you get personal advice for your business during this time. (Click here for links to those resources.)
Do you have a policy and plan for cybersecurity for remote workers? Share what has worked well for you in the comments below.
Written by Corrie McGee