March 11th, 2020
Subscribe to our blog and stay up to date
Due to recent events in the world, there’s been a shift toward encouraging the workforce in certain areas to station themselves remotely. Unfortunately, threats still exist and cybercriminals could view this time as an opportunity to hack into your system.
It's vital to follow cybersecurity best practices when working remotely. This means that you need to educate your workforce to help them protect your company's data (and their own). A third of organizations have experienced a data loss or breach directly because of somebody working remotely.
There are a few steps you can take— doing these things can dramatically reduce the likelihood that your organization gets breached:
It’s imperative to reinforce that work computers are for work and personal devices are for personal activity, including email. A lot of people are tempted to do a quick email check or similar on their personal computer, which generally doesn't have the same antivirus and endpoint protection. Most people also tend to drift behind on software updates, meaning they don't have the latest patches installed.
Having a policy that work activity can only take place on approved devices mitigates this.
Enabling a mobile device management (MDM) solution on all company and approved devices will allow your organization to have better insight into your endpoint security.This is essential for tracking inventory and rolling out security policies in bulk if need be. Look at it this way— for most organizations the cost of lost data is far greater than the cost of a lost device. It’s for this reason incorporating an MDM solution to manage, monitor, and secure mobile devices for official use is vital.
So what happens if a device is lost or stolen? Make sure employees know that their devices can actually be remotely wiped if stolen so they can make sure to back up their data if not using cloud storage.
Hard drive encryption should be a must for most organizations at this point. When every hard drive within your workforce has encryption enabled, your security posture is stronger. A stolen laptop or mobile device is no longer a detrimental security threat. Due to encryption, the data simply won’t be accessible without another vector of attack like stolen credentials.
With the remote workforce taking their company-issued devices “out of office” and into the wild, these three things (hard drive encryption, firewalls, and latest OS updates) will ensure a strong foundation of security.
Virtual private networks (VPNs) ensure a secure connection between a device and the company network. All remote employees should use a VPN. You should encourage your employees to remotely test their access to this so they are not left susceptible to unsecure networks.
Your IT department or MSP should choose and mandate a quality VPN— it’s important to keep in mind that not all VPNs are created equal.
The most important thing is to avoid public wifi. If you must use public or hotel wifi, you should use a VPN to protect and encrypt your connection. For extra measures, you should also warn your employees never to do sensitive personal activities such as banking over public wifi, in order to avoid their own identity theft.
As a policy, multi-factor / two-factor authentication should always be used so it is harder for somebody to access the network from a stolen device. This is having a secondary form of authentication, usually a multi-digit code sent to a separate mobile device—for when employees sign in into apps with critical information.
By utilizing additional layers of authentication, even if your employee has their company device stolen, someone won’t be able to log into any important online accounts that store your sensitive company data.
Most people have their own wifi routers at home to provide internet access. However, the issue is that many people might have gained access over time when visiting and save the password to your home network. Before long, a lot of people know your home wifi password and people can connect to your router any time they pass by your apartment or home.
Once the password for access gets out in the world, it is very difficult to control who can access your home network. Therefore, you need to consider implementing some changes that protect you from intruders especially if you envision working remotely for a long period of time.
One of the most common causes of data breaches is people getting hold of a device, even for a few moments. It might seem like common sense, but employees should never leave a computer, phone, or other device unattended especially if working remotely from a public place like a coffee shop, hotel, or airport.
It’s important to reinforce the importance of locking device screens and putting them to sleep in environments that might not be a worker’s typical work environment. While it’s easy to leave a computer unattended at our own offices (although not recommended!) we should be mindful of the fact that not everyone in society can be trusted.
Figuring out all your bases to cover is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your SMB. Electric can work closely with your organization to help you find the right solutions to make remote work easier and more secure.