Cybersecurity: Keeping it Simple When Working Remotely

by Roseann Freitas | Apr 7, 2020 1:48:27 PM

COVID-19 has impacted all parts of our lives. With the new
work office in our living room, bedroom, lanai (patio), and other areas of our
homes, life for most of us is far from typical. Previously, traditional office
locations permitted for more traditional time and resources to facilitate
robust cybersecurity; however, most companies didn’t have a comparably well
laid out plan for employees working from home.

Yet almost overnight, it happened.

While it makes sense that a system needs to be in place when
a company’s data is removed from the office and taken to a person’s residence,
it’s more common that micro- and small businesses don’t know where to start to
establish clear guidelines, consistent communication and information-guarding
technology.

BBB Northwest + Pacific Information Systems Manager Jeremy
Larrison said he acted quickly as the organization made the shift to a
work-from-home environment.

“As efficieintly as we could, we educated the employees, set
networks to private and incorporated multi-factor authentication,” he said. “Adding
a global virtual private network (VPN) was a necessity to protect sensitive
information.”

Many small businesses do not have a dedicated information
systems manager, so how do they handle cybersecurity? According to the Cyber
Readiness Center, these tips may help guide you:

  1. Appoint a cyber readiness leader.
    Surprisingly, this person doesn’t necessarily need a high degree of technology prowess.
    Instead, it’s more important that they understand people and can motivate employees
    to adhere to the rules. Think out-of-the-box for your cyber readiness leader
    selection; HR might have the right person.
  2. Keep it simple. When technology rules
    aren’t simple, employees will find a work-around. Set the rules, which are easy
    to implement.
  3. Try to keep home and work technology
    separate.
    What device will your employee use at home? It is best to have a
    separate work computer and not use the family computer. If that’s not an
    option, set up a new account with a secure password or phrase and do not share it
    with the family. Clearly communicate to employees that the work computer or
    account should be used solely for work-related activities, and isn’t for
    streaming personal videos.
  4. Remind employees to set up a password or
    passphrase they can remember.
    Were you thinking about using your favorite
    sports team and birth year? Think again, as 17 percent of passwords have that
    combination. The recommendation is to use a phrase versus a word, which should
    make it easier for the user and more complicated for the hacker. Also consider
    this: What security and firewall programs does the employee have at home? Is
    the software updated frequently, and security patches installed? Updating the
    software keeps it safe; however, when not done, then the system can be
    attacked. Before you or your employees starting to work from home, change the
    wifi password so anyone who previously had it won’t have access.


  5. Add multi-factor authentication to the
    process for another layer of security.
    Multi-factor authentication can
    include security questions, a code sent to another device, a biometric measure
    or a GPS location. Remember, a security question shouldn’t have the information
    found via a social media network. Additionally, using a cell phone for a code
    to verify access is secure only if you have the mobile device on you at all
    times; if you or the employee loses the cell phone, someone else has access to the
    verification device and possible access to accounts. Put together a document for
    employees with instructions on how to set up additional security measures.
  6. Discourage the use of USB devices to transfer
    data from the office computer to a home laptop and vice-versa.
    Any
    information or malware on the USB can be transferred from one computer to
    another. If transfering data with a USB is the only option, set up a separate machine
    from the network and run a virus scan. Once you know there aren’t any viruses,
    you can comfortably add data to the system.  

Business email compromise isn’t new because of the pandemic,
but the confusion of working from home is enticing for those who are up to
committing fraudulent activity. Educate your employees to be diligent when
opening any attachments or clicking on any links and to take extra steps to verify
legitimacy when receiving requests to transfer money. When in doubt, make a
phone call.

With so much change and confusion amid businesses focusing
on how to make payroll and pay bills, it is easy for processes to be forgotten.
Protecting data with information about customers, employees and vendors need to
be top of mind. Set up a cyber readiness leader, put a plan in place and keep
it simple.

Subscribe Now

Posts by Topic

see all

Additional Reading