Many businesses have had staff members working from home for a year. For most, the transition from office to home was rapid, and likely included many shortcuts and “temporary” adjustments. Remote working also presents an increased danger of cyberattacks from hackers and online criminals. Without the protection of a robust office firewall and secure network, sensitive information was traveling over public wi-fi that was unsecured and ripe for a data breach.
If you have staff members who continue to work remotely, or if the work-from-home environment is one that will become a permanent or part-time option, you need to ramp up your efforts to secure communications from home to office. Here are six important steps to take.
- Get into the Cloud – If your company is not storing its data and files in a secure, cloud-based network you should do so immediately. Cloud-based apps for accounting, CRM, file sharing, and creative efforts offer superior security and safe access – if you take the necessary precautions.
- Virtual Protected Network (VPN) – Don’t allow team members access to company data simply by being online. A VPN requires users to sign onto a specific network in order to access certain applications.
- Multi-Factor Authentication (MFA) – MFA is a two-step process that helps to ensure the person logging onto a network or application is, in fact, who they say they are. The two steps required are a password and unique security code, typically sent to an email address or cell phone. Does MFA take a little more time? Yes. Is it essential to security? Also, yes.
- Zero Trust Security – Zero Trust architecture is the highest level of security currently available. No devices are ever considered to be inherently safe. All devices and users must prove their authenticity at all times, use the most updated patches for all software, with security assessing threats in real-time.
- Devices Policy – Do you provide remote workers with company-owned laptops, tablets and mobile phones? Or do you allow them to use their own devices? Allowing employees to use their own devices for business opens your files up to malware and viruses that can enter through social media and casual use. The best route is to provide “business-only” devices. If not, a VPN and MFA can provide limited security.
- Education – This should be number 1 on the list. The weakest part of your company’s defense against cyberattack is the human element. And that includes the business owner and management! Everyone should be formally trained to identify and be alert for phishing emails, suspicious attachments, spoofed emails and other cyber threats. It is estimated that 70% of data breaches are the result of a human error.
The threat posed by cyber criminals is not limited to giant multi-national corporations. Advances in technology make it cost-effective for hackers to target even the smallest businesses, which are often the least prepared to defend themselves. Don’t let it happen to you.
For more information on cyber security and how to protect your company, please call Gray, Gray & Gray at (781) 407-0300.