COVID-19 has impacted all parts of our lives. With the new
work office in our living room, bedroom, lanai (patio), and other areas of our
homes, life for most of us is far from typical. Previously, traditional office
locations allowed the time and resources needed to facilitate robust
cybersecurity; however, most companies didn’t have a comparably well-laid-out
plan for employees working from home.
Yet almost overnight, it happened.
While it makes sense that a system needs to be in place when
a company’s data is removed from the office and taken to a person’s residence,
it’s more common that micro- and small businesses don’t know where to start to
establish clear guidelines, consistent communication and information-guarding
BBB Northwest + Pacific Information Systems Manager Jeremy
Larrison said he acted quickly as the organization made the shift to a
“As efficiently as we could, we educated the employees, set
networks to private and incorporated multi-factor authentication,” he said. “Adding
a global virtual private network (VPN) was a necessity to protect sensitive
Many small businesses do not have a dedicated information
systems manager, so how do they handle cybersecurity? According to the Cyber
Readiness Center, these tips may help guide you:
- Appoint a cyber readiness leader.
Surprisingly, this person doesn’t necessarily need a high degree of technology prowess.
Instead, it’s more important that they understand people and can motivate employees
to adhere to the rules. Think outside the box for your cyber readiness leader
selection; HR might have the right person.
- Keep it simple. When technology rules
aren’t simple, employees will find a work-around. Set the rules, which are easy
- Try to keep home and work technology
separate. What device will your employee use at home? It is best to have a
separate work computer and not use the family computer. If that’s not an
option, set up a new account with a secure password or phrase and do not share it
with the family. Clearly communicate to employees that the work computer or
account should be used solely for work-related activities, and isn’t for
streaming personal videos.
- Remind employees to set up a password or
passphrase they can remember. Were you thinking about using your favorite
sports team and birth year? Think again, as 17 percent of passwords have that
combination. The recommendation is to use a phrase rather than a word, which should
make it easier for the user and more complicated for the hacker. Also consider
this: What security and firewall programs does the employee have at home? Is
the software updated frequently, and are security patches installed? Updating the
software keeps it safe; when updates are not done, the system can be
attacked. Before you or your employees start working from home, change the
Wi-Fi password so anyone who previously had it won’t have access.
- Add multi-factor authentication to the
process for another layer of security. Multi-factor authentication can
include security questions, a code sent to another device, a biometric measure
or a GPS location. Remember, a security question shouldn’t rely on information
that can be found via a social media network. Additionally, using a cell phone for a code
to verify access is secure only if you have the mobile device on you at all
times; if you or the employee loses the cell phone, someone else has access to the
verification device and possibly access to accounts. Put together a document for
employees with instructions on how to set up additional security measures.
- Discourage the use of USB devices to transfer
data from the office computer to a home laptop and vice-versa. Any
information or malware on the USB can be transferred from one computer to
another. If transferring data with a USB is the only option, set up a machine separate
from the network and run a virus scan. Once you know there aren’t any viruses,
you can comfortably add data to the system.
Business email compromise isn’t new because of the pandemic,
but the confusion of working from home is enticing to those intent on
committing fraudulent activity. Educate your employees to be diligent when
opening any attachments or clicking on any links and to take extra steps to verify
legitimacy when receiving requests to transfer money. When in doubt, make a
With so much change and confusion amid businesses focusing
on how to make payroll and pay bills, it is easy for processes to be forgotten.
Protecting data with information about customers, employees and vendors needs to
be top of mind. Set up a cyber readiness leader, put a plan in place and keep