Cybercriminals always seize upon opportunities, especially as more employees are working remotely.
While employees rely on their laptops, tablets, and smartphones to work from home, they are also susceptible to cybercriminals who exploit to gain access to your business website, network, and data.
Because your employee isn’t within easy reach of someone in information technology when working from home, help them protect themselves and your business from cyber threats.With more people working from home these days, here's four steps you can take to strengthen your employees' (and your company's) cybersecurity. Click To Tweet
Prevent employees from going to a malicious site
In 2019, 90% of all successful cyber attacks started with a phishing campaign. Cybercriminals will send an e-mail containing a malicious attachment or a hyperlink to a website that looks legitimate. Phishing emails try to trick the recipient into downloading the malware-ridden attachment or clicking the link to a website that may be infected with malware. What can you do?
- Educate employees on the importance of not clicking on unknown links and email attachments. When in doubt, contact the supposed sender by phone or text to verify authenticity. It’s much better to be safe than sorry.
- Prevent you and your employees from even going to a malicious website in the first place. Quad9 is a free user privacy-focused managed DNS service which takes less than five minutes to set up on an individual computer (see YouTube instructional videos for a Mac or a PC). You can even protect your Android devices with Quad9.
- Do implement email authentication protocols such as DMARC for company-wide emails to mitigate successful phishing campaigns. These are the tools that most email servers use to verify email messages before they reach the intended recipient. Emails that are not adequately authenticated typically wind up either undelivered or in the spam folder.
Set up two-factor authentication across your business now
- Start by requiring that everyone use strong passwords. These long strings of random numbers, letters, and characters are much harder to crack.
- To make it easier to track all those strong passwords, provide a password manager app for employees. With a secure, easy-to-use password manager, you can manage your login credentials across all devices.
- If you are only relying on passwords to authenticate users, update your account policies, and turn on two-factor authentication. Whether your systems are sending texts to an individual’s mobile number or you are using an authentication tool like Google Authenticator to add a layer of protection from cybercriminals, two-factor authentication is a free and effective way to protect your business’s data infrastructure and accounts.
Enforce auto-updates on all computers
- While larger businesses typically provide a company laptop and can control update policies, many startups and smaller companies rely on Use-Your-Own-Device strategies to save on costs when staff are working remotely. While this does help with cash flow, it usually prevents the business from ensuring that an employee’s personal computer that is being used for work is updated appropriately.
- Skipping software updates is a mistake that exposes that computer to hackers who can access your company’s proprietary information, as well as any employee personal data they might have on that laptop. Tell everyone how important it is to set up auto-updating policies for your computer. The latest updates and security patches will at least protect them.
- This recommendation includes mobile devices. Select auto-update in your cellphone’s setting to ensure that all your mobile apps stay current. The average smartphone owner uses 30 apps a month, and will have at least twice that many installed. Setting up auto-update saves time and effort and prevents easy access from malicious apps or hackers.
Working in public spaces
- It’s going to happen. At some point, an employee working remotely will think of using public WiFi for work. Never use public WiFi to connect to the Internet.
- A virtual private network encrypts your internet activity and keeps all your transmitted data secure and private. It is the safest way to protect your company’s financial and proprietary information as well as any personal information online, in all situations.
- If you do not use a VPN connection to connect to the Internet, you are putting yourself at a higher risk. There are many VPN services to choose from—pick one and use it consistently when not connecting to a trusted WiFi network.
Even though these are four ways you, your employees, and your business partners can take right now to mitigate cyber-attacks, they are more measures you should take to fortify your business from cybercriminals.
From only allowing access to your network from devices that meet your policy standards to the vast array of free tools that you can find on the nonprofit organization Global Cyber Alliance’s Cybersecurity Toolkit for Small Businesses, help your employees as they are working remotely.
Take this time to strengthen you and your employees’ cybersecurity to give your company better odds of long-term success.
Guest author Joshua Lawton-Belous is the Global Business Officer at the Global Cyber Alliance. Follow him on LinkedIn and Twitter.
The featured image is of a laptop and cellphone. Image credit: Goran Ivos on Unsplash.