With many small businesses suddenly shifting to a work-from-home (WFH) model due to the Coronavirus (COVID-19) pandemic, there’s no denying that change is afoot. From process to productivity and communication to culture, businesses have found themselves examining many areas of their operations to keep up.
In times of change, it’s more important than ever to maintain your cybersecurity—especially with so many evolving threats around the pandemic and related WFH situations. To help you stay cyber-safe while staying home, below are some cybersecurity tips to consider while working remotely.
WFH? Test and Assess
Don’t just hope your computer security is strong enough to protect your company in these changing times—test it!
One way to gauge your cybersecurity strength is to perform a cybersecurity assessment during and after the shift to WFH. Review the many components of your cybersecurity, from people to process to data, and identify potential security vulnerabilities and areas to improve. Once you know where you stand, you can fix any pressing security issues and start building an ongoing plan for improvement.
Additionally, the shift to WFH often means reconfiguring your network, firewall, and software applications, particularly when allowing employees to use a Virtual Private Network (VPN) through their home Wi-Fi. Check for patches and updates in your software, particularly your VPN, remote desktop, and firewall. Then run a vulnerability scan to check for weaknesses so you can remediate quickly—now is not the time to let something slip through the cracks.
Set WFH Cybersecurity Expectations
Your company culture of cybersecurity doesn’t end when employees leave the office. Clarify that standard precautions around cybersecurity still apply while WFH:
- Protect sensitive data by following a Clean Desk Policy, locking your computer when you leave your workspace, and securing doors and windows to reduce the risk of theft
- Don’t allow other people (even your family) to use your work computer or phone
- Follow company policy around Bring Your Own Device (BYOD), and use company-owned storage for sensitive information
- Use a strong password and two-factor authentication (2FA) on all accounts, especially project management tools and VPN
And finally, address the elephant (or barking dog) in the room: between children, pets, and chores, it’s easy to get distracted at home. Coronavirus phishing attacks are on the rise, and it just takes one slip-up by an unsuspecting, multitasking, or hurried employee to put your company at risk. Remind your team to slow down and focus for security’s sake, to stay vigilant against trending attacks and threat alerts that could affect your company.
Make a Plan
You may be taking all the steps you can to protect your company, but unfortunately there’s always a possibility that a cyberattack or breach will occur. That’s why it’s important to be prepared with an Incident Response Plan. You should review and update your plan regularly, or whenever your company goes through a significant change—including an operational change like shifting to a remote workforce. Consider the following points in a WFH situation:
- Process around lost or stolen company devices or other breaches of sensitive data
- Remediating malware, ransomware, or other attacks remotely
- Contacting your cyber insurance provider in case of an incident
WFH is a significant shift for many businesses and employees, but a little extra cybersecurity consideration can help make it a successful (and safe) experience—for everyone but the cyberattackers.
Your Friends @ Defendify