During these unprecedented times, many companies are now being challenged to deliver their products and/or services, perhaps using new (and as yet, untested) mechanisms to do so.
While some businesses have been forced to close their doors, those who have the advantage of staying open and allowing staff to work from a remote location can't ignore the security implications that go along with having less control over their corporate business and technological environment.
Hackers, malware distributors, and data thieves are certainly aware that many companies will be relying on remote work for many of their corporate activities in the days and weeks to come.
Working without a well-constructed security plan puts companies at high risk for becoming a victim to the increased cyber attacks currently being reported in the press.
Developing a Work-From-Home Plan
Most businesses likely have at least some type of plan in place in the event a natural disaster or some other type of unforeseen emergency should occur. That's a great place to start, but I doubt anyone predicted that most of the American workforce would be sent home to work in a matter of days.
If you have a disaster recovery plan that included enabling people to work from home, now's the time to review it and start filling in gaps as quickly as possible.
If you don't have one, ready or not, it's time to make one.
A dispersed workforce can be more vulnerable than having everyone in your office, so here are a few things to consider as you're making your plan.
What to Include in Your Work-From-Home Plan
Use of Personal Equipment - For staff to work at home, some companies will need to waive the requirements for employees to use only corporate-owned computers and other technology devices for work-related activity. Employers must ensure their staff members are using computer equipment with a fully-patched operating system, and that up-to-date antivirus software is running in the background.
This applies for any type of device, including PCs, tablets, or a smart phone, and whether the operating system is an Apple, Google, or Windows OS.
Home Networks - Hackers may very well decide to focus their efforts on attacking home Wi-Fi networks in the near future since they know that millions of people will now be working from home.
Businesses need to review the security level of the network which employees will be using to gain access to the internet or a corporate intranet. They also need to consider the ramifications of their employees using personal devices such as Alexa or Google Home, security cameras, etc. on the same network, because they represent another potential avenue for a hacking attempt.
Extra Vigilance - Even the Department of Health and Homeland Services recently came under fire from a cyber attack, so increased vigilance by employees regarding security issues is absolutely necessary.
Employees must be instructed to be on the alert for spearfishing emails and suspicious websites, especially those that look like they have new, "emergency" information about the COVID-19 virus. Companies may want to consider investing in specialized software tools designed to help staff members differentiate between valid information and disinformation.
Strong Passwords - Employees must be required to use strong passwords in order to gain access to corporate sites and corporate data. Depending upon how long employees may be required to work from home, companies may also want to consider requiring that users change their password on a monthly or quarterly basis.
Consider Multi-Factor Authentication - Many banks, credit card companies, etc. are now using multi-factor authentication which requires users to further identify themselves before being allowed to log onto their website. Since there is little control over an employee's home environment, it's definitely worth considering adding an extra layer of protection by requiring employees to further authenticate themselves by way of email, or through a security code or password sent to their smart phone.
This holds especially true for employees who use a VPN (virtual private network) for personal use, or who use Office 365 or G Suite as part of their work-related tasks, as these applications are favorite targets of hackers focusing on remote-based software.
Firewall - Most personal computers come with a firewall put in place by the manufacturer. Employers should ensure each employee's firewall is activated and its firmware is updated every two months, at least. For the sake of consistency across all employee equipment, companies might want to consider having all their employees use an independent 3rd party firewall solution.
VPNs - Employees should connect to company resources using a VPN. VPNs allow employees to safely connect to your servers without compromising the safety of your network. This should be set up by your IT team.
Cyber Attacks on the Rise Create Challenges From All Sides
It's probably safe to say that almost every person has been presented with new, unforeseen challenges, both personally and professionally. In addition, countless businesses are scrambling to address issues that threaten their ability to remain solvent.
Along with all these current obstacles, ensuring corporate cyber security measures are solidly in place is a concern that can't be ignored. Multiple news sources report a notable increase in cyber attacks associated with COVID-19 and warn about an increased potential for other threats such as a cryptocurrency attack.
In order to regain control over one's environment in both the personal and professional arenas, it's vital for everyone to work together as a team, develop intelligent plans and strategies, and not gloss over any potential issues. Of course, mid to lower level employees will likely be focused on putting forth their best efforts to provide all the products and/or services requested by their customer base, while upper managers need to oversee all the aspects of running various departments to ensure they all seamlessly work together as quickly as possible.
To properly address technology and security issues, management needs to meet with both their internal technology staff and external IT support partners. Together they can develop effective plans to ensure the safety of one of the most integral parts of a business -- that being a company's data and the technology that supports it.
IT Guidance and Support
Business owners and managers have a lot to think about these days. One thing that has to stay top of mind is data protection, even during a crisis situation. Whether you have a partial plan in place or you need a full security assessment, we're here to help. Contact us for a FREE IT assessment.