It’s no secret that cyberattacks are becoming increasingly commonplace. In May, an FBI spokesperson told the Senate Judiciary Committee that the Internet Crime Complaint Center got nearly the same number of complaints in the first five months of 2020 as they had for all of 2019. The UN Undersecretary-General Vladimir Voronkov noted in August that the first quarter of 2020 saw a 350% increase in phishing sites.
How can a business owner keep his or her company secure in such an environment? It’s not easy as the sudden shift to a virtual work environment has created vulnerabilities that hackers can easily exploit to hack businesses, educational institutions, hospitals, and even municipal governments. IT managed service providers from around the nation recently weighed in on the question, “What key steps can a business take to remain secure while working remotely?” and their insight can offer solutions that business owners can build on to eliminate vulnerabilities that could lead to a devastating cyberattack.
Michael Nelson from TLC Tech in California puts a premium on one single security step: setting up two-factor authentication. He recommends using an app such as Microsoft Authenticator, Google Authenticator, or Duo. Alternatively, he notes that companies that don’t want to use these apps could opt to have a six-digit code sent via SMS. Nelson points out that two-factor authentication is critical for every single device and the company network as it provides a second layer of security that can make it difficult for hackers to gain access to the corporate network. Other IT managed service owners concur with Nelson’s statement while offering additional advice. Doug Smith from BlueHat Cyber in Nevada notes that it’s imperative for business owners to provide staff members with IT cybersecurity training. Remote employees need to know not only how to use new IT solutions but also how to distinguish between malicious links and harmless ones. A “think twice” policy can lower the odds of being breached or infected with ransomware and/or other forms of malware. He also strongly recommends that companies keep software and firmware up to date, use secure browsers such as Chrome and Firefox, and create a back-up and disaster recovery plans to prevent loss of data should a ransomware attack or IT breakdown make it impossible to access corporate IT systems.
Ian Hansen from Philantech3 in Washington addresses a common dilemma many companies faced when shifting to a virtual work atmosphere: Should companies provide employees with corporate devices or allow employees to use personal computers to work from home? Hansen notes that a chain is only as strong as its weakest link. All it takes is one unsecured device accessing the company network to provide cybercriminals with the opening needed to access all a company’s invaluable data. Hansen recommends that companies set strict cybersecurity standards and either provide company-issued hardware that complies with these standards or take measures to ensure that personal devices are fully secure before remote employees can use them to connect to the company network. He also points out that remote workers should be instructed to avoid public wireless hotspots and practice physical awareness if working in a public place to deter hackers from obtaining information that could be used to breach company devices. Hansen goes on to recommend other cybersecurity practices such as using a secure VPN and cloud-based applications and investing in a password manager that would make it easy for employees to select a strong password for each company application they use without worrying about continually forgetting passwords and having to reset them.
Recent statistics from Homewerker indicate that virtual work set-ups are here to stay, and it’s not hard to see why. Up to 37% of jobs can be done fully from home instead of in a traditional work setting, and it’s far more affordable for companies to send workers home than it is to re-work an entire office set-up and put protective measures in place to prevent the spread of the novel coronavirus. What’s more, employees who work from home are less likely to miss workdays and more likely to expend more effort on their jobs when offered a flexible work schedule. A work-from-home set-up also boosts employee morale as staff members working virtually feel more accomplished at the end of the day than they did when working in a traditional office setting. Even so, a remote work set-up does have inherent cybersecurity risks that companies need to be aware of and address to prevent cyberattacks. Implementing the cybersecurity measures outlined above can help to eliminate vulnerabilities that a hacker could use to gain access to company systems, thus enabling a company to successfully pursue its core goals rather than expend energy on dealing with the aftermath of a successful hack.