Prior to the COVID-19 pandemic, the idea of your business supporting long-term remote workers never crossed your mind. The pandemic created a new mindset among business owners struggling to stay relevant, however, and forced many employers to shift their focus to supporting remote workers for the long term.
In the wake of the pandemic, many business owners have decided to keep employees working remotely. These businesses will need to create standard operating procedures for the modern workplace. Many of these procedures will involve securing your network, creating acceptable use policies for work equipment within the home, and other cybersecurity concerns.
Small to Medium-Sized Businesses Were Not Initially Prepared for a Remote Workforce
Small to medium-sized businesses were not prepared for the shift to a remote workforce. While half of the business owners taking part in a survey claimed to be worried about cybersecurity in the transition to work-from-home, around 40% of these same owners were concerned that the current economy would keep them from making any investments in additional cybersecurity strategies.
Larger companies were able to quickly transition their employees to a work-from-home model, but SMBs were less prepared. Many of these smaller companies relied on employees working with personal equipment, and several months into the pandemic, these employees still are. Cybercriminals are taking advantage of these vulnerabilities at an alarming rate; Infosec reported that organizations are experiencing a 23% increase in cyber incidents aimed at remote workers, and nearly half of IT personnel are shifting their focus to remote workers. Even so, 15% of organizations don’t have the resources to equip and protect their remote workforce.
With an uncertain economy and finances already stretched to the limit, cybersecurity and IT concerns may not be at the top of a CEO’s priority list. Many are already cutting IT personnel and re-allocating their IT budget to cover other business-related costs. This leaves SMBs wide open for breaches.
Round two of COVID-19 finds many businesses already shifted to remote work, with no end in sight. There are a few steps your organization can take to secure your remote workers and your network without going over budget, however, and with many of the IT tools you already have in place for your office.
Securing Your Network with Remote Workers
Cybercriminals may not be on your mind, but your organization is certainly on theirs. They have been using the crisis to target unsuspecting victims, such as your remote workers. Spoofing, phishing, and Business Email Compromise are just a few of the ways your network is at risk. Your employees are also using their machines and devices to surf the net, shop online, follow questionable links or websites, and engage in risky online behavior. It’s dangerous enough for your employees, but now your network is more vulnerable than ever before, too.
Let’s look at inexpensive ways you can tighten up your network security and keep your remote workers from accidentally exposing your organization to cybercrime. You and your IT department may have hastily thrown together a remote work security plan; it’s time to make the plan sustainable for the long haul.
1. Reassess Your Risk
Remote workers bring new challenges and vulnerabilities to your network. What may have been an efficient cybersecurity strategy plan in the office may be weaker with a remote workforce.
It’s time to reassess your risks. Some key things to evaluate might include:
- Remote workers with access to files not required to perform job duties
- Workers using work-related devices to access non-work-related sites
- Weak password requirements
- Unprotected endpoints
- Workers using personal devices that are not properly protected
- Remote workers sharing devices with family and friends
- Employees using outdated software
- Employees not installing updates and patches
These vulnerabilities may have been covered when your employees were on-site, but you will need to re-assess them with your remote workforce.
2. Update Your Remote Workers’ Cybersecurity Training
Require every employee to attend an online cybersecurity awareness training that focuses on the risks of working from home. Employees tend to be a little laxer on security when working from home; a cybersecurity class can remind them of the importance of staying vigilant.
Remember, your employees are always your biggest threat to your network security, even more so now that they are working from home.
3. Install Firewalls and Other Protections on All Devices Your Remote Workers Use for Work
Your organization may not be in the financial position to protect dozens of devices that have been added to your network. While free antivirus and free firewall protections are not the best solution, they are still better than no protection at all. The Antivirus Software Guide has ranked ten of the best free antivirus platforms available in 2020. Microsoft features its own free antivirus, Windows Security, available for Windows 10 users.
No matter what antivirus you choose, it’s only as good as the patches and updates your employees install. It’s important to remind them they need to update as soon as a new patch is released.
4. Password Requirements
Make sure your organization is using the GET STRONG approach to passwords:
G – GO WITH ENCRYPTION: All passwords should be stored with encryption.
E – ESCAPE COMPLEXITY: Even though the password rules may be complicated, try to create them so they are easily remembered.
T – TEACH EMPLOYEES: Make sure all employees know and follow password rules and requirements.
S – SIZE MATTERS: Longer passwords are harder to hack, so all passwords should be a minimum of 8 characters. System passwords should be between 12 and 50 characters in length.
T – TRUST NO ONE: Add authentication processes to logins, such as Google Authenticator, Duo, RADIUS tokens, or other 2-factor options.
R – ROTATE OFTEN: Users should change their passwords every 90-180 days.
O – OMIT DUPLICATES: Never use the same password across multiple applications, systems and accounts.
N – NO CHEATING: Disable password hints.
G – GET A VAULT: Store passwords in secure vaults such as 1Password.
See our step-by-step guide for creating strong, easily remembered passwords here.
5. Acceptable Use Policies
It’s time to dust off the acceptable use policy and update it to include remote considerations such as who can access the network, what sites can be accessed, and other network safety measures. Remember that an Acceptable Use Policy can help protect your organization by proving you provided your employees with direction. Make sure to retain a signed, or e-signed, copy in the employee’s file.
Remember that restricting an employee’s use of a personal device is controversial, so it’s important to balance freedom with safety if your remote workers aren’t using your organization’s equipment.
6. Back it Up
This is the time to make sure your backup solutions are working. Many data losses come from employee error, and with so many remote workers accessing files via the cloud, this risk grows. An accidental delete of a file (or two, or twenty) can be remediated with the proper backup and storage solutions. If you aren’t sure where your backups are stored, this is the time to find out.
7. Encourage Your Employees to Report Suspicious Activities
Accidents happen. Someone will click a suspicious link, open an infected file, or even fall prey to a phishing scam. Cultivate a culture of trust; encourage your employees to report an incident as soon as it happens so it can be remediated quickly.
8. Limit Access to Files
Not all employees need access to all your files and applications. Protect your network by assigning roles and responsibilities, then matching these with the applications and files needed to perform job duties. If a hacker is successful in breaching one employee’s accounts, they will be limited in the damage they can cause if they are restricted from accessing all the organization’s files and applications.
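The role-to-resource matching described above can be checked mechanically. The following is an added example, not part of the original article: it compares each account's granted access with what its role requires and shows how much a single breached account would expose before and after cleanup. All role, user and resource names are hypothetical sample data.

```python
# Constructed sample data: every role, user and resource name is hypothetical.
ROLE_NEEDS = {
    "accounting": {"finance-share", "payroll-app"},
    "sales": {"crm", "price-lists"},
}

GRANTS = [
    {"user": "alice", "role": "accounting",
     "granted": {"finance-share", "payroll-app"}},
    {"user": "bob", "role": "sales",
     "granted": {"crm", "price-lists", "payroll-app", "finance-share"}},
    {"user": "carol", "role": "sales", "granted": {"crm"}},
    {"user": "dave", "role": "contractor", "granted": {"crm"}},
]


def audit_access(grants, role_needs):
    """Compare what each account can reach with what its role requires."""
    findings = []
    for entry in grants:
        needed = role_needs.get(entry["role"])
        if needed is None:
            # No defined role means nothing justifies the access: flag all of it.
            findings.append((entry["user"], "undefined-role", sorted(entry["granted"])))
            continue
        excess = entry["granted"] - needed
        missing = needed - entry["granted"]
        if excess:
            findings.append((entry["user"], "excess-access", sorted(excess)))
        if missing:
            findings.append((entry["user"], "missing-access", sorted(missing)))
    return findings


def exposure_if_breached(user, grants, role_needs):
    """Resources reachable through one account: (today, after cleanup)."""
    entry = next(e for e in grants if e["user"] == user)
    needed = role_needs.get(entry["role"], set())
    return len(entry["granted"]), len(entry["granted"] & needed)


if __name__ == "__main__":
    for user, issue, resources in audit_access(GRANTS, ROLE_NEEDS):
        print(f"{user:6} {issue:15} {', '.join(resources)}")
    print("bob exposure now/after:", exposure_if_breached("bob", GRANTS, ROLE_NEEDS))
```

In practice the grants list would come from an export of your file-share or application permissions, and the role table from the job-duty mapping this step asks you to define.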
9. Multifactor Identification
Multifactor identification requires two or more “tests” before access is granted. These consist of something you know (a password) with something you possess (like a cellphone or fingerprint). Without both pieces of the puzzle, the bad actors can’t log onto your network or access files and data.
Call in the Pros
MSPs specialize in creating strategies that protect networks and save money. Iconic IT is the home of the “free hour and dark web scan” consultation and assessment, with no risk or obligation. You can use your assessment to evaluate your IT strategies and get suggestions and recommendations for increasing your security in a world of remote workers and increased cyber risks.
Contact us now for your free consultation and let us help you create the strategies you need to sustain your remote workforce.
Not ready to chat? Download Iconic IT’s free DIY Cybersecurity Checklist for your own assessment of your security strategies.