Since lockdowns went into effect in the middle of March 2020, millions more workers have been working from home. One of the things that we’ve learned from this mass experiment is just how flexible people can be in times of distress. Very few companies were prepared for this abrupt change, but when it happened, they had to adjust. American businesses are made of tough stuff. They found ways to make the switch work.
However, the switch to working from home wasn’t always a perfect one. In fact, it still isn’t perfect everywhere. When you take a business full of workers who have never worked remotely before and you suddenly have to close the office, things are going to go awry. Without proper contingency plans and polices, you’re going to be left with a dangerous patchwork system. Without much more than Zoom or Teams log-ins and personal devices, many employees were asked to keeping working the same as before. Solutions varied wildly.
Finding Holes in Your Remote Security
Ask yourself, do any of these practices describe you?
- Using personal devices for work
- Using a public or unsecure WiFi network
- Breaking company policies (or unsure of what they are)
- Not enabling automatic software updates
- Not backing up your files
- Saving data on personal hard drives
- Practicing poor password strategies
If so, you’re not alone. Security policies are likely the biggest holes in the patchwork system hastily thrown together by companies struggling to implement new policies.
Now that businesses have had some time to adjust, it’s time to start taking a serious look at how employees are staying safe online.
Plugging Your Remote Security Holes
First, most obviously, if you or your employees are doing any of the things listed above, you should reconsider. Here’s why:
- Personal devices: These are less likely to have proper antivirus software, firewalls, and automatic patching compared to company-owned devices, making them less secure.
- Public/unsafe WiFi networks: The coffee shop below your apartment may or may not be closed, but using their WiFi is asking for trouble. Unsecured networks can be used to intercept sensitive data or distribute malware. Internet-enabled devices in your home are also vulnerable.
- Company policy: If you’ve agreed to certain practices, don’t break them! Reach out to the company for clarifications on what’s allowed and not allowed if you’re unsure. And if you’re the one making policies, be sure to share them with all employees and ask them to acknowledge they understand. Communication is key when you’re remote.
- Automatic updates: Updating apps and software is like saving: it’s much easier when it’s automatic. Otherwise, you’ll keep putting it off, meaning you’re missing out on critical security patches that stop hackers.
- Backups: The importance of backing up your files cannot be overstated. It’s the best kind of insurance, one that can save your butt and can be done for little to no cost. Check with your company to find out their backup policies and procedures.
- Personal drives: Your personal hard drive is more likely to be compromised than other, company-secured options.
- Passwords: Using strong, confidential, and unique passwords (meaning you don’t use the same one across multiple accounts) is truly essential to keeping yourself and your company safe.
Here are some other security considerations to make:
Remote Work Policy
Organizations with remote workers—so, pretty much all of us right now—need to have a work from home policy in place that outlines company expectations for employees.
It is the responsibility of both employers and employees to understand the best practices. Managers need to create and distribute policies for employees to review and sign off on, and they need to make training available if not mandatory. Workers need to read the policies given to them, comply with the practices, and take an active role in complying with them (including participating in training).
People Are Vulnerable
Sorry, but it’s true. If you’re a living, breathing human person reading this right now—we’re taking a wild guess that you are—you’re considered a weak link in any security plan. That’s because humans are vulnerable to social engineering attacks. We also make mistakes.
Scammers have switched messages; now, it’s coronavirus-related phishing attacks that are flooding inboxes around the globe. Employees who are not trained to recognize these scams can unknowingly click on malicious links or download malware, jeopardizing the company itself by potentially exposing its data to theft and ransom.
Small businesses have widely realized the value of cybersecurity training for employees. This training is one of the most popular security solutions adopted by SMBs in 2019, with 41% saying they currently use it and another 27% saying they plan to adopt it within a year. Businesses with limited resources can turn to outside experts for affordable and customized security training.
Virtual Private Networks (VPN)
Ideally, employers can solve some network security and practicality issues by providing employees with a VPN. Using one allows you to securely connect to your business, even when using a questionable WiFi network. Setting up a VPN isn’t for the faint of heart, though, and they can be expensive and time-consuming for an in-house IT department to establish. Turning to outside help from a company that can set one up more efficiently can be a good way to get started.
Letting employees work from home using unsecured, company-owned devices or personal devices provides a challenge for management. In addition to the previous issues, you’re risking integrity of the corporate network. When wireless and mobile devices (i.e.,” endpoints”) have outdated operating systems, software, applications, or other resources, they represent a critical weakness when they connect to a network.
Remote maintenance tools (like our own MachadoConnect) allow updates to get pushed to company endpoint devices automatically, eliminating risk. The same tool can also be used to remotely access systems in the office from the home.
Even without this tool, there are still steps you can take to secure endpoint devices. It’s good practice to distribute company devices only after they’ve been pre-loaded with anti-virus software and network firewalls. VPNs can also be enabled. When employees do work on personal devices, the company can purchase and give out licenses for anti-virus software.
Patchwork Security? We Can Help
There may be more vulnerabilities in your business than you care to admit (or even know about), but it’s important to identify and deal with each one. Only by doing covering all bases can employees feel like they have the freedom to work successfully and safely from home. Remember, your security scheme shouldn’t be like grandma’s old quilts; patchwork just won’t cut it.
In a world where digital work is essential, your company needs to have IT that doesn’t just work but that is safe, too. For solutions that are tailored to your individual business and brought to you by thoughtful, caring human beings, look no further than a trusted and awarded managed service provider. Reach out to us at (508) 453-4700 or online here.