We wish this weren’t the case, but the truth is that cybersecurity issues do not stop for a global pandemic. After all, hackers can work from home, too! If your employees had to quickly transition to remote work, you may be left vulnerable to attacks that could cripple your business. That’s why understanding cybersecurity and your risks is more important now than ever.
To help you understand your security needs, we’ve put together some recommendations designed to help you and your employees reduce your security risk.
Equipment Being Left Unlocked or Physically Stolen
With kids and family members at home with your employees, it’s easy for an unlocked company computer to become an invitation. You don’t want children to accidentally cause a security issue because they innocently want to install a game or school program on a company computer. That’s why it’s important for your employees to password protect their work devices and keep them locked when not in use. Password protection also safeguards company equipment in the unlikely event that the equipment is stolen.
Securing a Home Network
Many employees are now also relying on their home networks for the internet access they need to complete their daily work. That’s why it’s important that they follow basic security practices for their home network. At the very least, have them make sure their home network is password-protected. Then, if possible, the National Cybersecurity Alliance recommends they have work computers on a separate wireless network.
Phishing, Ransomware, and Malware
Because of the sudden spike in remote work, many employees are no longer protected by their company firewall. That puts employees at greater risk of falling prey to phishing, ransomware, and malware attacks. The best way to lower this risk is through security awareness.
Even if you’re already following the recommendations above, your staff should also be extra-diligent about not opening attachments from unknown senders. They should also verify any fund transfers over the phone and watch for phishing emails trying to collect their credentials.
Accessing the Company Network
If you’re like many businesses, your employees require access to databases and resources housed within your company network. And that need for access doesn’t stop just because they’re now working from home. This creates a security risk because devices connecting to those resources from outside the company network are also outside the company firewall.
There are two types of devices that employees might use to connect to your company network from home: work computers and personal computers. Our recommendations differ depending on what equipment your employees are using.
Work Computers at Home
For the best at-home security, we recommend employees using work computers at home access their company network using a full-tunnel VPN. A VPN is a virtual private network — it allows devices on the network to access a company’s private resources without the security risks of a public connection. A full-tunnel VPN strengthens that security beyond just accessing company resources and extends it to any internet access at all. As an additional step, make sure that all computers connected to the VPN are still being patched and have up-to-date endpoint security installed.
Personal Computers at Home
We don’t recommend employees use their personal computers for work since it’s impossible to know if that equipment is secure. But if your current circumstances require it, we have a few recommendations to improve security.
First, don’t allow non-company owned computers to connect to your company’s networks through an unrestricted VPN. Ideally, personal computers should only be used to access work desktops through Remote Desktop Protocol (RDP). An RDP allows a user to remotely control their work computer, with their home computer simply mirroring the information displayed on their work computer.
For additional security, make sure any password-protected company resources are accessed using multi-factor authentication. This is critical, as employees using their home devices may unknowingly have keyloggers installed on their home computers.
We understand that the last thing you want to be worrying about in the midst of a global crisis is your company’s cybersecurity, but taking these steps now can help you avoid a potential disaster. Plus, strengthening your company’s cybersecurity now will offer you flexibility and help prepare you for any future scenarios that might require your employees to work remotely.
To learn more about how to help your team stay effective and secure while working remotely, watch a free recording of our webinar titled “COVID-19 Transistioning to a Remote Workforce.”