Due to the impact of COVID-19, the number of people who work remotely has dramatically risen, meaning IT infrastructures and online systems are more relied upon by businesses than ever before.
Inevitably, as virtual activity has increased, so has the threat posed by cyber security attacks. Without sufficient protection offered by the best online security suites, business computer systems accessed on home networks are at real risk of being compromised by hackers who want to steal sensitive data for criminal purposes, such as fraud.
Establishing effective security practices is critical to reduce cyber security attacks. In this article, we offer advice and recommendations to help make remote working for employees as safe as possible.
Step 1: Beware of phishing, vishing, and smishing
Phishing is a scam in which fraudsters pose - via email - as a genuine company, bank, government agency, or client to trick people into parting with sensitive details or clicking on links that contain malware.
Phishing attempts have spiked during the COVID-19 crisis, so making sure your employees are wise to these scams is vital. Remind them to check for typical phishing traits like odd-looking email addresses, consistent spelling errors, shoddy formatting/logo use, and urgent requests to share sensitive material or click on links.
There are also attacks referred to as vishing and smishing, which work towards the same criminal goal. With vishing, scammers imitate a real phone number that might have a local area code or belong to a legitimate company/government agency. Remind your employees not to respond to unexpected calls from unfamiliar numbers, even if the phone number is local or the caller leaves a plausible voice message claiming to be somebody genuine.
As for smishing, this is essentially phishing via text message. In these scams, a criminal will likely contact you posing as a bank, business, or government agency. They typically include an urgent message (e.g., “we have detected unusual activity on your account”) to scare you into clicking on a link or divulging confidential data.
Step 2: Make sure employees use antivirus software
Antivirus software is a cybersecurity cornerstone that can guard against all kinds of malware - including ransomware and spyware - by providing a firewall, spam filters, in-depth scanning, security reports, and dark web monitoring, among other things.
The best online security suites ensure that your employees’ devices won’t enable cybercriminals to reach your business’ computer systems or other shared online workspaces, such as cloud platforms.
Step 3: Encourage employees to only use work devices
It’s important that your employees stick to using their assigned company devices when working from home, especially if they regularly log in to shared online workspaces or access business accounts that contain lots of sensitive information.
Overall, it’s much easier to implement a cohesive cybersecurity framework when all home-working employees use assigned work devices, which should all have the same software and security tools and can be kept frequently updated by your IT department.
Unfortunately, personal devices might have an inferior level of protection, and therefore create a potential weak spot in your business’s security defenses.
Step 4: Remind employees to enable software updates
Software updates keep devices and operating systems one step ahead of the latest cyber threats. If you don’t have an IT department to handle these updates, then it’s crucial to remind employees to keep abreast of the most important ones.
This should be a straightforward process overall, as most operating systems (like Windows, macOS, Android, and iOS) display notifications when software updates are due, and enabling them only takes a couple of clicks.
Step 5: Make sure employees’ home networks are secure
No matter how much protection your employees’ work devices have, they must also be connected to a secure home network.
To reduce the chance of a hacker breaking through a home network, remind employees to check that their Wi-Fi connection is private and secure before they access business computer systems. All home networks should be protected with a strong password and a high level of encryption, both of which can be adjusted via a network’s router settings.
Step 6: Use a good-quality business VPN
The best business VPNs (virtual private networks) add an extra layer of protection by providing your operating systems and work devices with a dedicated, static (i.e., unchanging) IP server and address, plus encryption.
As a result, employees can securely access your business’ operating systems remotely with complete online anonymity, while you manage the amount of access everyone in the team has. Furthermore, many business VPN solutions (such as NordVPN Teams) offer comprehensive plans to cater for small, medium, and large businesses.
- Read our NordVPN review
Step 7: Create complex passwords
With employees working remotely, it’s more important than ever to guard your business’s databases and online computer systems with complex passwords that are routinely changed.
The strongest passwords should have a minimum of 12 characters that consist of symbols, numbers, and letters (both upper and lowercase). As complex passwords can be challenging to manually create and securely store (let alone remember), it’s preferable to get a good-quality password manager, like Dashlane, to do these tasks for you.
Moreover, a password manager gives your employees a secure, easy way to access all the passwords/codes they need, which is far safer than sending out password updates to them via email or text message.
Step 8: Enable two-factor authentication
A good-quality password manager will also include options for two-factor authentication (2FA). 2FA adds an extra layer of protection to an account by providing a second factor required to log in to an account, which can take a few forms - e.g., a unique six digit code texted to the user’s phone. This means that a hacker won’t be able to access a business system without access to the second factor, even if they know the primary password.
If you enable 2FA for all your business accounts via a password manager, your remote working employees will be able to securely access all the 2FA codes they need and safely log in to business accounts.
Step 9: Use a good-quality cloud service
The best cloud services (like Google Drive or Microsoft OneDrive) securely hold your business’s sensitive data in the virtual, encrypted infrastructure of a service provider. Therefore, cloud storage is a safe and appealing way for employees to access, share, and edit work documents from home.
You should make sure to choose a cloud service that offers a high level of encryption, 2FA, and multi-device compatibility.
Step 10: Make sure video conferencing is secure
Video conferencing has become a crucial artery of communication for businesses during the COVID-19 pandemic.
Whether your business uses Microsoft Teams, Google Meet, Zoom, or another of the highly-rated video conferencing tools, make sure you apply all the available security features when creating and hosting video conferences.
These should include PIN/password protection for scheduled sessions, an in-call lock feature to keep intruders out, and - as ever - great encryption and troubleshooting support.
- Read our Microsoft Teams review
Establishing good cybersecurity protocols for remote-working employees to follow will reduce the chances of cyber security attacks on your business’ systems, causing a data breach. It’s vital to teach remote-working employees about good cybersecurity practices - from being vigilant about phishing to securing home networks.
To stay one step ahead of the latest cyber threats, it’s important that your business’ online systems are protected by additional security tools, such as a password manager and 2FA, as these can help you to properly enhance your business’ overall security.