With the onset of and response to COVID-19, the odds are increasingly likely that your company has shifted to a remote work setup for the employees that can do so. Remote work can change the way you do business – some ways for the better and in other ways that can challenge you.
One concern that exists in a standard office environment is cybersecurity – it’s a critical part of protecting your company’s hardware, software, and information from hackers trying to compromise your company. But the steps you take to secure your business’s digital infrastructure become even more important when the majority of your team is working remotely.
It helps to have your team members well-versed in the various policies and procedures needed to maintain solid cybersecurity, and this becomes even more prevalent when they’re all working remotely. Let’s take a closer look at the various components of cybersecurity your team will need to be aware of when they’re telecommuting.
Phishing
Phishing email scams are some of the most common cybersecurity threats that currently exist. A phishing email is when a hacker sends an email from a source or email address that appears trustworthy. The email will include links the user is meant to click. Once they do, it can have any number of negative effects on the device, operating system, or network.
These emails are specifically designed to appear trustworthy. They can prompt a user to check their performance review online. They can appear to be from their bank, notifying them to suspicious activity. The goal is to get the user to feel as if they need to click the link, exposing the device to whatever malware or viruses exist on the other side of it.
As with many cybersecurity protocols, an ounce of prevention is worth a pound of cure. By disseminating material ahead of time, you can educate your team without having them in your physical office. They’ll understand how to look out for phishing emails and what to do in case they do fall prey to one.
Home network WiFi security
A major transition your team will make as they shift to remote work? Moving from a company service to their individual internet service providers. Unfortunately, one of the biggest gateways for potential cyber threats is the strength (or lack thereof) of your individual employees’ home networks. Your employees will have varying levels of security on those networks. Some will have password protection in place while others may not. Some may be the only ones using their network while others may have multiple family members using it during the workday.
You’ll want to urge your team to practice sensible cyber practices when it comes to their home networks. Vulnerabilities here can lead to attacks that have the potential to spread to your entire network. Make sure all are using passwords for their WiFi networks and they have firewall protection in place (more on both of these below).
It should also go without saying (and with large-scale quarantining in practice right now, may not be as critical), but also remind your employees not to use public or untrusted networks to access WiFi on your company devices.
Antivirus software updates on company devices
Your company should have antivirus programs on all company devices. If they don’t, you should suggest to the company leadership to change this ASAP! If they do, make sure to circulate an email to staff asking them to regularly check to make sure their antivirus software is updated. Your program may install automatic updates, but if it doesn’t, your team members may need to do so manually. Your company’s security software is the first line of defense in protecting your employees’ devices and your company network.
Introduce your team to their IT support staff
If your team does suffer a cyberattack or experience some sort of widespread outage, you’ll need to be familiar with the people who help you deal with it. That’s why you should introduce your team to your IT support well before any type of cybersecurity issue. File this under cybersecurity preparedness measures you can take to slow the response to a future incident. After all, you don’t want to have to make these kinds of introductions after one happens. That only wastes valuable time.
Send an email to your team, copying your IT support team, letting them know the protocols for contacting IT support. Include their hours of availability, phone number, and email address. Also, let them know what type of incidents they should be contacting IT support about – some may not require escalation and there may be guidance available online or on your company’s internal employee website they can use.
Fake charities
Your team members may receive emails asking them to donate to a specific cause related to COVID-19. It may ask them to assist with financial relief for a group who lost their jobs as a result of their crisis. They may also seek money for hospital and healthcare workers or medical supplies. While it makes sense to want to help, remind your team to be extra vigilant about fake charity emails and scams popping up when disasters occur. Unfortunately, many hackers and scammers will attempt to prey on people’s good nature during a crisis. Remind your team to not open emails from email addresses they don’t recognize or trust that have COVID-19 or coronavirus in the subject line. Also, warn them not to open attachments on these emails either.
Strong passwords
When your team members are working remotely on their home networks, it’s also important to stress the need for strong passwords for any and all devices, systems, portals, and networks they may use. Share guidance with your team on how to build strong passwords that will leave their devices and systems secure, but won’t be hard to remember.
Some common guidelines on how to build a strong password include:
- Use at least 12 characters.
- Sprinkle in a combination of letters, numbers, and symbols.
- Don’t use a “dictionary word” or a combination of dictionary words.
- Don’t rely on obvious substitutions (i.e. “passw0rd”).
Take extra care with sensitive data
If your team members have documents or files with personally identifiable information or proprietary company data, be sure they’re careful in where they store or how they send that data. Remote work can cause employees to get a bit more negligent when handling this type of data.
For example, let’s say your company has a document with contact information for your executive leadership team in a spreadsheet form. One of your employees has access to that document and transfers it from their work device to a personal computer by emailing it to themselves or using a USB drive. This opens the document up to multiple vulnerabilities in both the transfer and where it’s stored on a less than secure device. Ensure your team knows to stick to company-approved devices and isn’t careless with sensitive data.
Firewall protection
Your operating system and antivirus software likely have firewall protection, but it can’t hurt to check. Make sure all your systems have up to date firewall protection or a VPN. This gives you another tool in your fight against hackers. It serves as yet another defense mechanism for your employees’ company devices.
Regularly back up your files
Despite all the precautions you can take, there can always come a time when one of your employees has their device or operating system corrupted. This could leave them unable to access important documents essential to the team’s operations. That’s why you should encourage them to regularly back up their files, particularly after they’ve saved an important project or document.
Rather than rely on your individual team members and their disjointed backup filing sources (i.e. flash drives, email, personal devices, etc), you’ll want some uniformity in how your team approaches this. Having an IT cloud solution meant specifically for your team’s files will ensure everyone’s saving their project files to the same location. It can serve as your project’s virtual backbone. Even if there isn’t a cyber attack or disruption, this is still good practice – it helps you keep your team’s work organized in a unified filing structure.
Maintaining situational awareness of cyber best practices
All the items listed above fall under the heading of cybersecurity best practices, and your team should be aware of each of them. The first step in maintaining proper cyber hygiene is to maintain situational awareness of these procedures and make sure they’re habits. You can also monitor the U.S. Computer Emergency Readiness Team (U.S. CERT) National Cyber Alert System for up to the minute news on emerging threats, security updates, patches, and other important cybersecurity information. You can then relay anything to your team they may need to know.
It’s critical to stay educated, both for you and your team. It also helps to partner with a remote IT support provider who understands the above issues, can help provided dedicated IT support to your remote workers, and can help you prepare for and respond to any cyber events that befall your team. Applied Innovations can be that partner. For more on how we can help your organization maintain a strong cyber posture, contact us today!