Security tips to keep your company safe from cyber threats while working from home. These 4 steps are the basics of what you need to have in place now to protect your business.
Protecting your company with a remote workforce can be broken down into four valuable, easy to implement steps. Follow these four steps to help you keep your teams protected, connected, and efficient without hurting your budget or requiring upgrades to existing equipment.
Step 1: Protecting Your Company Network and Devices
Protecting your company with a remote workforce begins with securing your network and devices. You need to protect your sensitive data as well as your employees’ credentials, no matter where your teams are logging in.
Network Protections
No device should be permitted to connect to your company’s network unless it is fully protected with a security solution. Using a VPN is a good place to start, but it is not a stand-alone security platform. Your business may not be in a position to offer employees work-issued devices; if so, make sure their personal devices are held to the same security standards as your workstations.
Use Windows 10 Firewall
Windows 10 offers a free firewall. A firewall is a virtual barrier that will help stop unauthorized users from accessing a private network.
Setting up Windows 10 Firewall is easy for any user.
- Right-click your Start menu
- Click Control Panel
- Find Windows Firewall
- Toggle it to “On”
Windows 10 Firewall is a free layer of added protection for all devices. Firewalls aren’t always effective by themselves, but they are a valuable tool in your overall security platform.
Install Antimalware
The final phase of protecting your company’s devices and network is to install antimalware on every device that will be accessing your company’s network. This includes, at a minimum:
- Antimalware software
- DNS filtering
- Antivirus software
- Email filtering
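The firewall and antimalware requirements above can be checked on each Windows 10 device with a short script before it is allowed onto the network. This is an added example, not part of the original article; it assumes Microsoft Defender is the antimalware product in use, and the 7-day signature threshold is an assumed policy value.

```powershell
# Added example: endpoint posture check for a Windows 10 device.
# Assumptions: Microsoft Defender is the installed antimalware product and
# a 7-day maximum signature age is acceptable policy. Adjust both as needed.

$MaxSignatureAgeDays = 7
$findings = New-Object System.Collections.Generic.List[string]

# 1. Firewall: every profile (Domain, Private, Public) must be enabled.
#    Turning the firewall on for only one profile leaves the others open.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ([string]$fwProfile.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($fwProfile.Name)' is not enabled")
    }
}

# 2. Antimalware: Defender must be on, scanning in real time, and up to date.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled) {
        $findings.Add('Defender antivirus is disabled')
    }
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Defender real-time protection is off')
    }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Antivirus signatures are $($mp.AntivirusSignatureAge) days old")
    }
}
catch {
    # The Defender cmdlets fail when the service is stopped or a third-party
    # product has replaced it. Report that as unverified rather than passing.
    $findings.Add("Could not query Microsoft Defender: $($_.Exception.Message)")
}

# 3. Report. A non-zero exit code lets a login script or management tool act on it.
if ($findings.Count -eq 0) {
    Write-Output 'PASS: firewall and antimalware checks succeeded'
    exit 0
}
$findings | ForEach-Object { Write-Output "FAIL: $_" }
# Remediation for a firewall finding (run from an elevated prompt):
#   Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
exit 1
```

The script does not cover DNS filtering or email filtering, which are normally enforced at the resolver and the mail gateway rather than on the device.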
Step 2: Have the Right Systems in Place
Your teams need to connect, store data, and create files in safe places while working remotely. They will also need a safe route for data transfers and a safe way to connect with your network.
Connect, Store and Share Data Effortlessly on the Cloud
The easiest solution for data storage and file sharing is a cloud-based platform. Cloud solutions store data in shareable files rather than on individual devices.
There are many file-sharing applications out there, but be advised: they are NOT all the same. Using common public cloud solutions such as Box and Dropbox may be fine for individual users, but they fall flat for businesses. They don’t require the same level of security that other business-oriented cloud solutions, such as Teams, offer. This means the very solutions you rely on to stay connected can expose you to significant security risks that your IT department may not be able to monitor and control.
Office 365 and G Suite offer OneDrive and Google Drive for file storage and sharing. These are more secure than other commonly used platforms like Box and Dropbox. Check your subscriptions and see if you are already receiving these applications as part of your services.
Teams is part of Office 365, but you don’t need a subscription to Office 365 to use this application. Microsoft is currently offering Teams for free to all users.
Password Security Best Practices
Your employees need to organize all their passwords to avoid the pitfall of reusing passwords for the sake of convenience. The easiest way to organize passwords is to use a password manager, like LastPass. LastPass can generate random passwords and store them, or allow your employees to create unique passwords for each site. The passwords are then autofilled into each application and site the employee accesses. LastPass is free to use.
Remind your employees that they should never share their passwords in emails or via any clickable links.
It’s vitally important to monitor the Dark Web, either internally with your IT department or externally via a third-party service. If an employee’s password is found on the Dark Web, immediate action is needed to mitigate the damages. The password and any variations of the password must be changed as soon as the password compromise has been discovered.
Use a VPN
A VPN is a great step in securing your network. It bridges the gap between your office firewalls and the devices you are now using to access your network.
Remember that your VPN is only as secure as the employees using it. Make sure that your teams never connect to unprotected Wi-Fi, even with a VPN. Hackers target unsecured Wi-Fi connections to steal passwords, usernames, and other sensitive data.
Step 3: Tracking and Documentation
You will need a way to track all the devices and other assets your employees are taking home.
In addition, your IT department or HR department should be tracking which employees have special access to sensitive data such as financial data (payroll, banking), social media sites, administrative restricted applications, and other privileged sites. If an employee is laid off or fired, his or her access to every site must be revoked immediately.
Step 4: Employee Training
Your employees will be using tools they are unfamiliar with, and some employees may even “push back” on security features such as two-factor authentication. You may already have cybersecurity training in place for all employees, but this is the time to reinforce it.
Don’t Click Links
Your employees should be reminded that they should never click any attachments or links that are suspicious in nature. This includes links sent from unfamiliar addresses or questionable requests from known sources. When a “psychic” asks your name, your first response is, “Don’t you already know that?” The same applies here. Your HR department will not be sending random requests for information they should already have, for instance, and your administrators will not ask for login credentials.
Phishing Attempts
The bad guys love to cash in on a crisis, and remote workers are their favorite targets. Remote workers aren’t as connected to their coworkers and may be laxer about security. Remind your workers that they should always:
- Verify addresses
- Never click any email with grammatical or spelling errors
- Never click emails from unrecognized sources
- Never click emails with generic subject lines
- Never click any email where the subject contains odd requests from “known” sources
Encourage employees to reach out and verify any unusual requests from trusted sources.
Protecting Your Company with a Remote Workforce by Restricting Device Sharing
Protecting your company with a remote workforce is a great time to dust off your acceptable use policy or create a new one. One topic that should be covered is device sharing.
It’s a very common practice to share devices with family or friends, especially if it’s “to check email” or share a video or social media post. Make sure your employees use the devices they work on only for work. Family and friends should never be allowed to access these devices.
Remind employees that their devices are protected via VPN, and that anyone using the device on a different network is placing the device at risk. This risk is now potentially carried back through the VPN and to your network. Protecting your company with a remote workforce means enforcing your acceptable use policy or taking some time to create a new one.
Only Save and Share Work Data and Files on Protected Devices
Remind your employees that as tempting as it is to use their personal laptops to work from home, this is only acceptable if the device is properly protected as discussed above. Your company files and data are at risk when saved to personal, unprotected devices.
Use These Steps Across the Board to Stay Safe
Consistency is the key to protecting your company with a remote workforce. These strategies are only as effective as the plans you make to implement them uniformly, across the board. It will only take one infected device or careless click to infect your network, so develop a strategy to put these steps in place throughout your workforce, including those who may still be working from the office.
Iconic IT has gathered a large resource pool of informative blogs, videos and more relating to the current crisis, cybersecurity threats, and working remotely efficiently. Every resource is free to read, free to download and use, and free to watch.
Iconic IT is available to help you with any questions or concerns you may have; contact us if you don’t see your questions answered within our resource pages.