In the last two weeks, most of us in the workforce have been being asked or forced to work from home due to the coronavirus pandemic. Working remotely will help slow the worldwide spread of COVID-19 from person to person and enable the economy to function and that’s a Win-Win. However, remote workers represent new cybersecurity challenges different from on-site work that we, as business owners, need to proactively deal with.
What Should We Do?
When working at the office, we all work on a secured network, on antivirus protected computers, have privilege rights management in place, our devices lock after inactivity, with regular (monthly) patching of both operating systems and applications.
Is that true when your employees work from home?
With the rapid onsite of COVID-19 and work from home, some businesses are forced to allow personal devices to be used for work purposes. Not every company can provide secure laptops to all employees.
How do we ensure personal devices, now used for work purposes, are properly protected?
Start by Setting Policy
The first thing a company should do is take a look at the policies they have in place to govern employees. Do you have a Written Information Security Policy (WISP), and are there established security guidelines for remote work and remote access to company information systems? Do those policies need amending in this emergency to allow for exceptions?
Keep Devices Up To Date
The first thing that employees should be doing is securing their devices. Ensure these steps are part of your requirements:
- Operating Systems are current and fully patched;
- Antivirus software is installed, functioning, and up-to-date. Here are some free options for home users:
- If possible, move personal activities to another device like an iPad or tablet or mobile phone and designate a work computer for work only.
Secure your Remote Access
Securing your communications into your company network at the office is important. CyberHoot has witnessed many breaches relating to remote access that wasn’t two-factor authenticated. Do not enable any remote access to your company networks without two-factor authentication (2FA) enabled for everyone. Free solutions exist from Google and Microsoft, and even easier but paid 2FA exists from Duo.
Setup either a Virtual Private Network (VPN) to allow work-from-home employees into your company network (with access to file servers etc.), or else setup a Remote Desktop Protocol (RDP) access into their work machines. Both remote access solutions must have 2FA to authenticate your users.
A VPN grants access to the network from the home machine, so securing that home machine is even more important when a VPN is in use. RDP eliminates many of the problems associated with those potentially insecure home machines and may be more appropriate for many small to medium sized businesses.
If all your employees do from home is work on Email, then RDP and VPN may not be necessary. Email can easily be secured via Microsoft’s O365 Web Access combined with simple mobile-phone based two-factor authentication (a text message or an authentication app).
CyberHoot always recommends training your employees on cybersecurity basics as one of the cheapest and easiest methods of threat reduction. Trained employees can spot and delete phishing attacks, pick better passwords, even start using Password Managers.
Be especially wary of the increasing number of Coronavirus-based phishing emails going around, preying on folks public health concerns. For more on this, please read FTC Warning of Potential Coronavirus Scams.
At this moment in time, it is important to recognize both the pandemic threat along with the threats that come from working remotely. By following the suggestions CyberHoot has made in this article it can reduce the chance of you or your company becoming victim to cybersecurity threats.
An easy way to train your employees while your employees are working from home is through CyberHoot. CyberHoot is an open learning management platform that can train employees on ANYTHING. If you record a heartfelt video message of encouragement, CyberHoot can send it automatically to every employee, and it will remind them if they haven’t watched it yet, automatically until they do.
CyberHoot delivers any PDF or Video right to your employees’ inbox. Allow CyberHoot to help you take care of your employees during this time of crisis!
Visit https://cyberhoot.com/businesses/ for more information or a free 30-day trial.
Use Coupon Code: “Social-Distancing“ to get an extra 30 days on your trial.
- Trend Micro Article Warning on Coronavirus Phishing Attacks
- The National Law Review
- The Federal Trade Commission
- CyberHoot’s Virtual Private Network (VPN) Cybrary Term
- CyberHoot’s FTC Warning of Potential Coronavirus Scams Article
Related Reading: Five (5) COVID-19 Scams to Watch Out For
CyberHoot Printable Infographics:
Working Remote Best Practices for Businesses Video
To learn about remote work best practices, watch this great video from an industry veteran who assembled world-wide remote teams for a decade and shared his knowledge and advice. This longer video includes the technologies companies are leveraging in 2020 to be productive remote, the time management tips and tricks, and a whole host of other juicy nuggets of good info and advice.