The sudden shift to remote work has led many small businesses to adopt practices that may be creating considerable cybersecurity threats. For example, several surveys find that as many as half of remote workers are potentially exposing sensitive company information by using unsecured applications and endpoint devices.
The Department of Homeland Security’s cybersecurity division has warned that malicious actors are exploiting the COVID-19 pandemic with attacks on the teleworking infrastructure. Remote workers are inviting targets because they lack many of the digital protections that exist in a secure office environment. Small and midsize businesses (SMBs) are particularly vulnerable because they lack the resources and overall security infrastructure of larger enterprises.
Here are seven ways SMBs can boost the security of their remote workers:
Educate your employees. Effective security begins with employee awareness. Remind remote workers of three essential practices for avoiding malware — don’t open emails from senders you don’t recognize, don’t click on email links if you aren’t certain it is legitimate, and don’t open email attachments unless they are expected and come from a trusted source. Test employees with simulated phishing emails to see if they can recognize current threats and techniques.
Boost endpoint security. The use of unsecured devices and applications creates multiple attack surfaces. Many users aren’t particularly tech-savvy, so they need expert guidance on how to install security software on their devices and apply application updates and patches. Consider installing endpoint protection software on a server or gateway appliance to authenticate endpoint logins and update client software when needed.
Change home Wi-Fi passwords. When working remotely, an employee’s home Wi-Fi network effectively becomes part of the company’s network. However, many people never change the default password on their wireless router. Insist that all employees change to a strong, unique password featuring a mixture of letters, numbers and symbols.
Use multifactor authentication. Don’t rely on passwords alone for remote access. MFA requires a combination of verification factors, such as something the user knows (a password or PIN code), something the user has (a security token or mobile app) and something the user is (a biometric identifier). There are a number of easy-to-use, cloud-based tools that generate a second authentication code, typically transmitted by phone call, text or email, when users attempt to log in to corporate resources.
Use a VPN and keep it updated. Virtual private networks create secure, encrypted tunnels between the home user and a remote server. Updates and patches must be applied regularly to limit vulnerabilities. Resist the temptation to use a free VPN service, however. Many monetize their service by logging your activity and selling it to third parties for building online advertising profiles.
Back up your data. One recent study found that more than 20 percent of SMBs have no data backup or data protection solution in place. That is a huge risk with increasing amounts of essential company data is now residing on employee-owned desktops, laptops, tablets and smartphones outside of the office.
Work with a managed services provider. MSPs offer network monitoring and maintenance as well as managed security services, managed backup and more. MSPs can boost your security by taking on critical, ongoing tasks such as patch management, antivirus updates and firewall monitoring.
Teleworking has gained mainstream acceptance in recent years, but few SMBs were fully prepared to make that shift almost overnight. Employees working remotely for the first time often engage in behaviors that create significant risk for the business. With malicious actors looking to capitalize on telework vulnerabilities, smaller firms must ensure they are taking proper precautions. Give us a call to learn more about the tools and processes you can use to boost the security of your remote work operations.