Do’s and Don’ts: Cybersecurity Tips for Businesses with a Remote Workforce

by

May 6, 2020

If you’re like most companies since the pandemic, you’re juggling a workforce that’s hybrid or remote. There’s employees working all or part time away from the office. Then there’s vendors and interns that may need full or partial access to your system. Add in a few service office locations in the mix, and you’ve got a recipe for cybersecurity headaches. Fortunately, managing your remote workforce isn’t hard with these remote work cybersecurity tips for businesses.

Cybersecurity Tips for Businesses—Our Top Dos and Don’ts

Do: Create a Zero-Trust User Authentication System

The best way to approach cybersecurity is through a “zero-trust” approach.

A zero-trust network assumes that every device and user is a potential threat to the network. The mindset of zero-trust is “never trust, always verify.” Users are continuously verified throughout their online experience in your network. Talk to your MSP or your internal staff about installing zero trust signins for your employees, which verify them via several methods when they sign in, and then continuously reaffirm their identity as they work.

Don’t: Neglect Employee/Vendor Training on Email Security

Phishing attacks are the number one vector for cyberattacks, accounting for an estimated 93% of breaches. These attacks are becoming increasingly sophisticated, making it far easier for unsuspecting employees to accidentally launch malware. Your employees are the gatekeepers for your security, with a responsibility to protect your network from these attempts. If you haven’t had a cybersecurity training in the last few months, it’s time to talk to your IT staff or MSP about providing one.

Phishing attacks are becoming increasingly sophisticated, making it far easier for unsuspecting employees to accidentally launch malware.  It’s important that your teams understand basic email security practices

Train your employees to view their emails critically. Teach them to ask important questions:

Is this email coming from a source that usually doesn’t communicate with me via email?

Is this really a message from your CEO asking you to install new software, or is this a phishing scam? Should I download this free report that’s been sent to me from a source I don’t recognize? Is this really a request from IT to download a security patch? Make sure employees understand the protocols around system updates, what’s usual communications from higher ups, and what kinds of unsolicited emails they should avoid.

Is this email requesting information that the sender should already know?

Your Human Resources Department will not send your employees requests for personal information via email; they already have the information they need on file. Any email requesting personal details should be immediately viewed as suspicious, no matter who the sender claims to be. Your employees are your first line of defense, so one of the best cybersecurity tips for businesses will include awareness of potential email scams.

Is the email requesting a password reset or a clickable response?

With website spoofing reaching all new levels of sophistication, hackers can create pages and logos that look identical to the original. Concerned employees will click links to follow instructions for resetting passwords or responding to “security concerns” without a second thought, believing the logo and site are genuine. Remind your employees that legitimate institutions will never send sensitive data requests via email and will never request “account verification” or “password resets” via a clickable link.

Does the email contain bad spelling, grammar, or generic “to” lines?

Everyone makes mistakes, and occasional errors in spelling and grammar are, by themselves, not entirely alarming. Awkward phrasing, blatant misspellings, and generic “To” lines, however, are glaring flags. It could be a red flag for a cyberattack coming from a foreign country.

How do I avoid common traps?

Phishing emails all share some common warning signs, but there are email best practices and steps your employees can take to avoid them altogether.

  • Encourage employees to pick up the phone and call someone to verify the legitimacy of an email
  • Never follow any clickable link to a website; use the browser and manually find the website
  • Do not download any files from an unverified source
  • Use a good antispam platform to limit the amount of phishing emails in you employee inboxes

Do: Use Two-Factor Authentication Protocol

One of the best cyber security tips for businesses is to require employees to use two-factor authentication protocols to log in to all devices. The idea of two-factor authentication is simply to combine “something you know,” such as a password, with “something you have,” such as a separate device. This helps to protect your network by reducing the odds that a bad actor will have access to both elements of the login requirements.

Integris cyber security for remote workers: Want to know more about two-factor authentication? Our guide will tell you everything you need to know about this easy to use, highly effective security precaution.

Don’t: Rely on Antivirus Software Alone to Protect Your Network

Four out of five small to medium-sized businesses admit that their antivirus platform failed to detect malicious attacks. This is proof that antivirus alone is simply not enough to protect your network.

Most antivirus platforms aren’t entirely up to the challenge of today’s evolving cyberthreats to begin with and trusting a boxed solution anti-virus software is risky. One of the best cyber security tips for businesses is to protect your network with a combination of security strategies to ensure maximum efficiency.

Follow These Cybersecurity Tips for Businesses, and Protect Your Network with a Free Cybersecurity Audit from Integris

Integris doesn’t believe in skimping on coverage for our clients. Unlike most MSPs that offer bare-bones services, we have plans as vast as the national parks they are named after. To us, anything else is underserving. We give you have the guidance and supplies you need, like a park ranger helping you through the forests and mountains of your IT issues and needs.

Integris provides small to medium-sized businesses with network assessments and complimentary dark web scan to ensure that there are no gaps in their security strategies. This audit also provides your business with a clear look at the state of your current IT, and provides you with strategies and solutions you can use right now to protect your network, assess your IT needs, and take the steps you need to keep your systems up and running smoothly.

[sc name=”blog-cta-cybersecurity3″]

We're Integris. We're always working to empower people through technology.

Keep reading

4 Cybersecurity Takeaways from China’s Largest Data Breach

4 Cybersecurity Takeaways from China’s Largest Data Breach

Cybersecurity drama strikes again as human error leads to China's biggest data breach and perhaps the most significant hack of personal information in history. According to Threat Post, the incident was triggered after a Chinese government software developer wrote a...

Social Engineering Hacks—Are They a Bigger Threat than Ransomware?

Social Engineering Hacks—Are They a Bigger Threat than Ransomware?

We're making a dent in hacking. Cybersecurity tools are better, and employee security training is better too. The emergence of the cloud means that hacker delights like uninstalled security patches happen far less. Now that most companies are backing up and operating...

The Business Impact of the AGCO Ransomware Attack

The Business Impact of the AGCO Ransomware Attack

On May 6, 2022, global agricultural equipment manufacturer and distributor AGCO announced they were victims of a ransomware attack. The cyber assault hit some of their production facilities on May 5. Restoring operations to normal will take several or more days. While...