Due to the impact of the coronavirus pandemic, countless businesses have become 100% remote workforces, practically overnight. This sudden change presents a variety of challenges, including how to keep your business data safe while your entire staff is working from home.
Your employees are likely using their personal devices for work, and they don’t have the same level of security on their home networks that you do in the office. Not only can this put sensitive information at risk, but it can make your whole office network vulnerable.
Here are our four top cybersecurity tips to protect your business while working from home. Thanks to Petra Coach for compiling this information.
Step 1: Basic Cybersecurity
The first step is to ensure that whatever devices your remote workers are using have basic security measures in place. If you can provide dedicated work laptops, great. But in most cases, your employees are going to be using personal devices out of necessity.
Here are three things you need to implement right away to protect your company’s network and sensitive data.
Secure Every Device
Make sure every computer your employees are using has essential security software installed:
- Antivirus Software
- Antimalware Software
- DNS filtering
We recommend BitDefender, which consistently ranks #1 among antivirus solutions for protection, performance, and usability.
Don’t Allow Connections from Unsecured Devices
Never allow a computer to connect to your business network without having a complete security solution installed. You wouldn’t let anyone connect an unsecured personal device when they’re in the office. Don’t let them do it over VPN when they’re working remotely, either.
Enable Windows 10 Firewall
One of the problems with a home network is that there are other people on it besides your employees—spouses, kids, neighbors, who knows? If you’re using Windows 10, enabling Windows 10 Firewall prevents other devices on your home Wi-Fi from cross-infecting your computer (and by proxy, your business network).
And if your employees are still using an outdated operating system like Windows 7, they should definitely upgrade!
Step 2: Cybersecurity Training
With all the uncertainty and emotion surrounding the pandemic, coronavirus phishing scams are at an all-time high. One of the best things you can do to protect your business and your employees is to educate them on cybersecurity best practices. Here are a few simple cybersecurity tips to get started:
Beware of Phishing Emails
Phishing is the #1 cause of data breaches, according to Verizon’s 2019 Data Breach Investigations Report. Phishing emails have gotten more sophisticated and harder to spot, and especially during this chaotic time, it’s easier for scammers to trick you. Educating your team to spot and avoid phishing emails is one of the best ways to protect your business.
Don’t Click Suspicious Links
Never click on a link in an email unless you’re 100% sure that it’s legitimate. Always verify that the sender’s email address and the destination URL of the link are accurate. Be especially cautious if you click on a link and the page asks you for a username or password. If you or your team members have any doubts, visit the sender’s website directly or contact your IT support team for help.
Don’t Leave Your Computer Unattended
Make sure your computer is password protected and locked when you’re not using it. And if you’re using a laptop, don’t leave it lying around or let other people use it. It may seem harmless to allow a family member to do a quick Google search or watch a YouTube video, but they could accidentally mess up your business files.
When you’re working from home, make sure your work computer is only used for work.
Don’t Save Documents on Personal Devices
Resist the urge to save work documents on your local machine or personal cloud storage account. While it might seem more convenient for a quick project, you don’t want critical company data saved on individual staff members’ devices. Not only is it impossible for the rest of the team to access the information, but you also can’t back up the data like you probably do on your work network.
Want to Train Your Staff about Phishing?
Educate your team and send simulated phishing emails to train them to protect your business.
Step 3: Cybersecurity Systems
Once you’ve covered the basics and your team is up to speed, it’s time to ensure you have all the tools and software you need to keep your network and data secure. Our IT support team can help you get these critical cybersecurity solutions in place:
Use a VPN
A VPN or Virtual Private Network creates a secure connection between your home computer and your office network. If your employees are working on a public or unsecured Wi-Fi without a VPN, they’re putting your business at risk, because hackers can steal information that’s being shared across an unsecured connection, including usernames and passwords.
Use a Password Manager
Don’t let your staff use bad passwords, or reuse the same passwords for everything. 81% of hacking-related breaches leverage weak and/or stolen passwords. Using a password manager will allow you to use strong, unique passwords for every login. It also ensures that your entire team can securely access the passwords they need while they’re working remotely. That way, you NEVER share passwords by email.
Scan for Stolen Passwords
Regardless of how careful you are, it’s likely that one or more of your business’s passwords will get hacked. You must know WHEN it happens, so you can take action before a major data breach occurs. Dark web monitoring solutions like our Password Watchdog service will scan hacker sites and alert you when any of your passwords are stolen.
Use Existing Shared Storage
As we mentioned earlier, you don’t want employees to save company data on personal devices. They should continue to use existing shared storage—like shared drives on your company network—while they are working from home.
If you use Office 365 or the G-Suite, an existing OneDrive or Google Drive can be a good option too. Just avoid using cloud sharing services like DropBox or Box. They often sync data onto any device you log into, which can mean your company data finds its way onto personal devices that your IT team can’t protect.
Step 4: Document Your Policy
Finally, make sure you’re documenting your work from home security policies and keeping your employees informed. Here are a few things you should keep track of now that will save you a lot of headaches later:
Keep Track of All Company Equipment Being Used at Home
Keep a record of all physical equipment your staff is taking home like laptops, monitors, or phones. You don’t want to be hunting down missing equipment once everyone returns to the office.
Make a List of Who Has Access to Critical Information
You should always know who has logins for critical, sensitive, or confidential information like payroll, bank accounts, social media accounts, etc. Especially when you’re working from home, you want to know whom to contact in an emergency.
If a team member is laid off, it’s also important to revoke access to critical sites before they’re let go.
Keep a Running List of Recommended Tools
When you’re in the office, it’s easier to control what software or applications are being installed on your work systems. With everyone suddenly working remotely, many teams are testing out a ton of new software tools for conferencing, collaboration, file sharing, and more. Share a list of safe, approved tools, and provide instructions on how to install and use them correctly.
Is Your Team Set Up to Work from Home Securely?
We may be remote ourselves, but our EZComputer Solutions team is here and ready to help with your remote work needs. Whether it’s setting up a VPN, Office 365, or providing cybersecurity solutions, we’ll make sure your team is equipped to work productively and securely from home. Contact us today.