Online security can be tricky for a business, especially when the team is working from home. With 42% of Americans working remotely to some degree due to the COVID-19 pandemic, keeping data secure is more challenging—and more important—than ever.
Home offices often lack the security measures built into a traditional office space and thus are inevitably more vulnerable to hacking and other threats. Fortunately, your business can take steps to mitigate these risks. Below, Forbes Business Council members share 14 things you can do to ensure your remote workers and their data stay secure.
1. Be proactive about company education.
Focus on education, security training, reminders and explanations of the consequences. People will have a million things on their minds, and we all know the gut-wrenching feeling when someone throws a wrench in the system, whether intentionally or not. You have to keep in touch, keep employees updated, share new information and stay plugged into special interest groups like MS-ISAC, CISA and so on. – Mori Kabiri, Counself Inc.
2. Secure home networks and mandate VPNs.
Most home Wi-Fi networks are not secured, and risks could even come from family members sharing the same network. Mandate the use of VPNs—even for video conferencing calls. This will ensure that network traffic is encrypted. Apple and Microsoft have firewalls that can be enabled on all devices, including mobile. This prevents malicious inbound or outbound requests. – Debajyoti Ray, RivetAI Inc.
3. Rely on the experts.
Ensure company-issued computers that have security measures pre-installed by your IT team are used. Keep employees informed of any security updates or vulnerabilities that arise as more people transition to home offices and remote tools become more of a target for bad actors. Any action items should be left to the IT team or communicated in a way so that even the non-tech-savvy can follow. – Trevor Outman, Shipware, LLC
4. Clearly communicate company policies.
Establish and communicate guidelines to your employees regarding working remotely. Provide a checklist to ensure they’re following proper protocols to keep your data secure. Your staff should avoid using personal laptops for company business. Use dedicated devices and networks for managing essential systems to ensure secure operations (i.e., VPN3). Further, your team members should not utilize personal email addresses to communicate company information. – Joe Gardner, VentureDevs
5. Keep things simple.
With modern technology, there should not be a need for email attachments. Sometimes, long distribution lists can create data breaches. Keep it simple. Use shared documents and keep emails and data restricted to a “need-to-know” basis. Ensure you are clear on purpose, outcome and objectives for a task involving sensitive data. – Naeem Arif, NA Consulting
6. Don’t make critical assumptions.
People don’t have the same level of security awareness at home as they do at the office. At BHG, we continually educate staff about security through safety tips, online training modules and alerts to phishing scams. Still, we can’t assume people are retaining and practicing these measures, so we’ve added an additional layer of vulnerability testing. – Eric Castro, Bankers Healthcare Group
7. Require two-factor authentication.
Ask your workers to set up two-factor authentication on all their accounts. This usually works by asking for a mobile number or email address to which a verification code or link is sent when a login is attempted. This gives an extra layer of protection to your data and is the best way to secure your accounts. – Adam Harvey, Proofed
8. Provide employees with basic security knowledge.
Create standard instruction guides and how-to documents for the software that your team will be using or for existing applications that will be used in a different way. It will help guide your staff on what to do if they have any questions or doubts. Employees need to be in possession of basic security measures. – Beth Worthy, GMR Transcription Services, Inc.
9. Teach your staff to recognize hacking attempts.
Hackers need a way to get into your system. For that, they send links, images, videos, etc. And once you click to open that link or image they get control and hack your device. That’s why you shouldn’t click on a link or image to open it right away. First, ensure that the sender is genuine—check their email address, profile, etc. Also, avoid public Wi-Fi. – Harpreet Munjal, LoudGrowth
10. Change passwords frequently.
A simple and still efficient way to curtail hackers—especially since everyone has quickly gone virtual and is working from home—is to change passwords more frequently. The “best practice” is to change passwords every 30 days on different websites—change it up to every 15 days. It is a bit exhausting and tedious, but it is something that works and is easy to implement quickly. – Silvia Mah, Ad Astra Ventures
11. Focus on people, processes and technology.
Great cybersecurity strikes a balance between securing assets and fostering operational efficiencies. At a minimum, companies need a dynamic defense of multilayered security and protection capabilities. This includes continuous training of employees on evolving cyber threats, established processes that enforce security controls and automated threat detection, identification and protection. – Byung Choi, MarcomCentral
12. Block common threats.
The most common threats are malware and phishing attempts. Behavioral-based antivirus software—which does not rely on definitions for malicious programs that already exist but instead identifies abnormal activity—will prevent the threat from executing and protect against malware. Advanced e-mail security with threat protection blocks malicious URLs and impersonations that originate from phishing emails. – Sean Vitale, vitaltech Solutions
13. Remind people of the signs of phishing.
Take time during team meetings to periodically say, “No one at this company will ever ask for your password. And no one will ever ask you to buy gift cards and send the codes over email.” Spearphishing emails that look like they are coming from people’s bosses or even CEOs are on the rise. Asking for passwords and gift card codes are common scams. – Jason Richmond, Ideal Outcomes, Inc.
14. Ensure employees are only using company-controlled devices for work.
Remote work will continue for the foreseeable future, even without a public health emergency like the coronavirus. Businesses should pay as much attention to cybersecurity as productivity. If employees aren’t restricted to company-controlled devices, they could expose the business to a lot of risk, which can be incredibly costly. Additionally, strong passwords and two-factor authentication are a must. – Abigail Aboitiz, Advanced Remote Monitoring ARM LLC