The year 2020 has led to unprecedented times for business in Nevada, with thousands of employees working remotely due to the COVID-19 pandemic. Initially, many believed the health and economic turmoil might be temporary, but as case numbers continue to rise, a growing number of companies will have to adapt to working remotely for the foreseeable future.
During these times, it is essential to make sure that businesses continue to run efficiently, which includes ensuring that employees have the tools and procedures in place to work from home while also protecting company data against any cyberattacks.
A cyberattack is an assault launched by cybercriminals that can maliciously disable computers and steal data using a variety of methods — including malware, phishing and ransomware — which can decimate a business and be costly, making it no longer just “an IT problem.”
Cybersecurity starts from the top of an organization and requires all employees to buy-in for it to be successful. Firewalls, anti-phishing software, and other technical measures are necessary to protect from a potential cyber-attack, but proper IT policy and employee training is undoubtedly the top defense against a cyber-attack. Teaching employees the do’s and don’ts lays the groundwork for a secure defense to support all other cybersecurity initiatives. One easy way to do this is to make sure companies have a well-thought-out cybersecurity policy. This policy should explain how employees should use and access technology and outline the general security expectations and procedures that are in place to protect critical data against cyberattacks. The policy should cover areas such as:
- Username and Password Protection: Passwords are the first line of defense so it is important employees are using strong passwords that they do not reuse across different accounts.
- Multi-Factor Authentication: A layer of security beyond “username” and “password” should be in place. Multi-factor authentication considers two or more authentication factors, making it harder for potential hackers to gain access to your information.
- Security Programs: Ensure virtual private networks (VPN) are used while employees are working remotely. And, ensure anti-virus and anti-malware software is installed and updated.
- Network Security: Advise employees not to access the internet using shared or public Wi-Fi services. If employees do not have access to a secure network, advise them to use a personal hotspot separate from the Wi-Fi to which others have access.
- Personal Devices: Bring your own device (BYOD) policies are set by companies to allow employees to use their personal smartphones, laptops and tablets for work. If your company does allow BOYD, device management software should be installed on employee’s personal devices.
- Updates: Staff should turn on automated updates and should audit devices to ensure this has been done.
- Reporting: If employees believe their devices have been hacked or compromised, it is important they know the proper person to alert.
Something else to keep in mind is, if a company’s employees are working from home, the company network has been extended to the employee home machines or other BYODs. Even though these machines may not connect directly to a company network by a VPN, any compromised home machines could potentially be a risk to the business. The risks come from exposed usernames and passwords to the company network through saved passwords in browsers or even key-logging software that may have been installed through malicious means.
Once a policy has been established, companies need to hold their employees accountable in maintaining it. The policy should be in an employee handbook paired with a training that helps employees to recognize potential threats and the procedures in which to report them. While companies are working remotely, they should think about offering a refresher course in cybersecurity. This ensures that security policies and practices stay top of mind for employees.
As the dust beings to settle and businesses adjust to working from home, having these policies and procedures in place will give all business owners a sense of protection that their employees are empowered to keep their information safe while working remotely.