Cyber attacks. Data breaches. Phishing emails. None of these online security threats are going away. If anything, they’re only growing in sophistication and sheer numbers each day. Right now, cyber criminals are taking advantage of employees honoring COVID-19 work-at-home policies to hack into systems and obtain personal info and corporate data. For many small businesses, remote work is nothing new. Many employees work from home a few days a week or each month, even full time. That recent events have brought a justified and renewed focus to cyber security is no surprise, and businesses need to give remote workers the tools and technology they need to stay safe.
Because of COVID-19, small businesses and their employees have adopted new ways to work together over the internet. Beyond emails, chats and texts, the use of collaboration and conferencing video technologies has skyrocketed. All of this helps remote workers get business done, connect with clients and teams, and continue to enjoy coworker camaraderie. And while working from anywhere has many advantages — flexibility, autonomy, increased productivity — it also means data is everywhere.
If you don’t already have a cybersecurity plan in place, now’s the time. And if you do, a fresh review can’t hurt. Whether you work for yourself, have a staff of 5O or 5OO, here are some helpful guidelines that you can incorporate to provide your employees with the safest remote working environment possible.
1. Start with a Plan
Your #1 goal is to provide remote staff with the same level of security as your corporate network. In the office, employees call IT if they have a problem. If their computer gets infected by a virus, IT gets rid of it. If their system gets hacked, IT shuts it down. Working remotely is a different story. Having established online security policies and procedures to ensure safety across the board is critical to protecting your business against costly shutdowns, malicious malware and other system vulnerabilities.
2. Protect Your Business Data: Set Up a VPN
Because remote workers need to securely access corporate systems over the internet, the safest way to do this is via a Virtual Private Network or VPN. When employees connect online over a private server, the connection and all internet traffic is encrypted — keeping them safe from anyone trying to snoop, “read” or intercept what they’re doing.
3. Implement a Strong Password Protection Policy
This is probably the simplest safeguarding measure that your staff can embrace and should be a top-down mandate. There are password generating tools that can create random, hard-to-crack passwords. But, in general, here are some smart habits to follow.
Passwords should be:
- mandatory for access to all apps, devices and systems
- made up of a long string of upper and lower case letters, numbers, and special characters
- changed every three months or more frequently depending on security level required
- updated ASAP if foul play is suspected and new one verified by email or text message
- never be used twice or duplicated on a personal device
4. Layer on the Security: Two-Factor Authentication
Creating a strong password is step one. Two-factor authentication (2FA) ramps things up. When employees log on to websites, applications and systems with their username and password, an extra step is required to verify who they are before they can gain access [and keep unauthorized users out]. They will need to provide another piece of information via email or text: a personal identification number (PIN), a password, or answers to secret questions. More modern options include a fingerprint, iris scan or voice print.
5. Stay Proactive: Keep Systems Updated
Some days it feels like it’s one update after another for software or applications. But updates and patches fix vulnerabilities and are invaluable, not just for unwanted intrusions but optimal system performance. To make things easier, businesses and employees can set up automatic updates. Scheduling these during less busy times helps as well. Investing in the latest security software, web browser, and operating systems will also go a long way in protecting the personal and confidential information of employees and customers as well as company data, devices and systems.
6. Protect Data: Backup Regularly
Face it, bad things happen. Spilled coffee zaps the keyboard. A laptop falls out of the overhead compartment on a plane and cracks the hard drive. Ransomware wipes out your system. Because you have a lot of data to protect — documents, files, spreadsheets, databases, financial info, human resources data, and more — you can’t take the risk of losing any of it. Set up an automatic backup schedule for critical information weekly, if not daily, on all work computers. Whether you store your data on a hard drive or conveniently in the cloud, this is one thing you can’t afford to overlook.
7. Set Your Remote Workers Up for Success
In an ideal scenario, your employees are working on encrypted, company-issued laptops, computers and mobile phones, and enjoying built-in network protections as if they were still at the office: antivirus software, customized firewalls, and automatic online backup tools. Equally vital is rapid and remote access to IT staff when needed. But for those that are using their own equipment and devices at home, or just unable to access a VPN, this opens them up to more vulnerabilities and attacks. Here are some ways they can stay safe:
With laptops, employees can work wherever they want. But because of this easy portability, they’re also easily stolen. Devices should be password-protected and employees should be issued or use locks to secure laptops when not in use or left unattended.
It’s tempting to use a free Wi-Fi connection or hotspot when working from a cafe, library, the airport or another public venue. But doing so makes it easier for spying eyes to hack info. For added security, employees should only connect through a VPN or the built-in personal hotspot on their smartphones. They should also disable mobile Wi-Fi and Bluetooth so they don’t unintentionally connect to unknown networks or devices.
Hackers love routers! They’re like an unlocked backdoor to home networks. Many of us are out-of-the-box people and just use the password we’re given during set-up — making us more vulnerable to data breaches, curious neighbors and others. Employees should change the default password on routers and further secure their networks by hiding their wireless WIFI name [also known as SSID, Service Set Identifier].
- Mobile Phones
Now only do smartphones hold tons of personal and confidential information, including photos, but they can inadvertently provide criminals access to corporate networks. Require employees to password-protect their devices, install any necessary security apps, and immediately follow company procedures if phones are lost or stolen. Ensuring that a “Find My Phone” app is always turned on can help locate it faster.
Because they’re also connected to the internet, home printers don’t get a free ride when it comes to keeping data safe from attacks. Printers used for work-related activities should be on a separate network, have the latest software installed, and employees should download firmware updates as soon as they are released.
8. Keep Lines of Communication Open With Employees
Think of your employees as your partners in cyber safety. The more informed they are, the better they can protect themselves and your business. While you’re doing all you can to prevent or stop security breaches, stay open and transparent with your staff about your efforts. Continually share company best practices, provide training and education, and update them on new threats, the latest scams and phishing schemes. By working together, you can strengthen the success of your online security efforts during these uncertain times and down the road.
Meg Schutte is a Bank of Hope Blog contributor.
The views and opinions expressed in this article do not necessarily represent the views and opinions of Bank of Hope.