Because of the COVID-19 pandemic, many companies shifted from offices to remote work to keep their employees safe. With a lot for staff members working outside of the office for the first time, businesses are dealing with new cybersecurity threats and challenges. The reason is simple: cybercriminals are taking advantage of all the confusion and moving parts. Here are three things all companies with a WFH policy can do:
1. Upgrade your security solutions
Technology is always evolving, and security solutions evolve to match. There’s no time like the present to assess your current cybersecurity and flag any gaps and ways to improve.
You want to be proactive and upgrade your systems as soon as you identify a need instead of doing damage control for a cyberattack after the event.
Here are a few ways to tighten cybersecurity for remote workers:
- Ask all employees to use multi-factor authentication (MFA). With employees jumping between email, document drives and third-party software programs during their workday, it’s important to add an extra layer of security. What is MFA? It requires you to provide at least two forms of verification before you can access the site or system you’re trying to enter. For example, your employees might type in their password, and then enter a code they received via email or text. It may be a little time-consuming, but this simple cybersecurity step blocks 100% of automated attacks, according to Google.
- Secure your devices with endpoint protection. Thanks to the internet and cloud technology, all of our wireless devices are connected — from our laptops and tablets to smartphones. While this makes it easier to access information wherever you are, it also creates more paths for hackers to launch an attack. Endpoint protection software and remote workforce solutions work to detect, analyse and block those attacks by securing endpoints (or entry points) of “end user” devices, like laptops.
- Require employees to connect to a Virtual Private Network (VPN) at home. Why use a VPN? These networks secure your WiFi connection, encrypt the data you send and receive, and hide your IP address. They’re an effective way to improve your privacy online, and they can be accessed on a desktop, laptop or smartphone so employees are protected even when they’re on the move. If you have employees that aren’t as tech-savvy, offer to set up a VPN on their behalf.
- Install the latest antivirus and anti-theft software on all devices. To protect your company devices from malware, ransomware and identity theft, install a sophisticated antivirus software. It will also block offensive content and scan attachments and images for viruses, which is key to keeping company information safe.
2. Train your staff on cybersecurity
Many data breaches are the result of human error, like opening a phishing email or clicking on a link that downloads a virus. Employees may not be aware of best practices and make simple mistakes, leaving the company vulnerable. This can all be avoided with cybersecurity awareness training.
It’s a good idea to set up formal training that walks employees through the ideal WFH setup and how to identify threats.
Be sure to cover these essential WFH points:
- Give your home internet network a name that can’t be linked to you. For maximum security, make your WiFi network’s name or Service Set Identifier (SSDI) obscure and hard to guess. So, instead of calling it “Jane Doe’s house,” go for a completely random name or phrase. This makes it difficult for hackers to gain access.
- Create strong passwords, and change them every 60 days. On a similar note, select complex passwords that don’t reveal any personal information. Use phrases instead of singular words, and include a mix of numbers, capital letters and special characters.
- Update your security settings. To encrypt data, go to your network settings and choose WiFi-Protected Access 2 for your network (also known as WPA2). Then, pick AES for your algorithm.
- Never open emails from unknown senders. Phishing emails are on the rise during the pandemic, with hackers taking advantage of more employees working from home. All employees should learn how to spot a phishing email. If you receive a suspicious email, don’t click on it. Instead, mark it as spam and send it to the company’s IT department for investigation. And if you do open an email you thought was from a trusted sender, avoid replying or clicking on any links or attachments.
- Accept all software updates. Train staff members to download software updates as soon as they get a notification. Every update strengthens cybersecurity and fixes any flaws, so it’s important to stay on top of them. You can turn on automatic software updates so you don’t miss any.
- Use your work devices for work purposes only. Try not to store personal passwords or information on your company devices, and use different browsers for work and personal searches.
3. Prepare a solid response plan
Even with all these measures in place, your company could still fall victim to a cyberattack. Now that you know how to maintain security when employees work remotely, it’s important to have a plan to respond to and recover from cybersecurity incidents. This will help you to launch into action as soon as your company has a security breach and limit the damage.
A crucial part of this is ensuring all employees are backing up their data. Aim for two encrypted backups: one on an external hard drive or flash drive, and another on the cloud. That’s how to protect sensitive information.
Dealing with a cyberattack is devastating. But if you have a backup, you’ll be able to recover lost data and resume normal operations quickly.
Any company with a WFH policy will benefit from applying these tips to build their cybersecurity and ward off hackers during these challenging times. You can even access free cybersecurity training to help businesses stay safe online. Schedule a cybersecurity training for your team, and start applying these tips to keep your colleagues and employees safe online.
“The opinions expressed by BizWitty Contributors are their own, not those of BizCover and should not be relied upon in place of appropriate professional advice. Please read our full disclaimer."