Remote work raises a lot of cybersecurity questions. I attended a training from Red Clover Advisors about best practices for remote more. Even as a small business owner without remote employees and VPN capabilities, I walked away with a few ways to better secure my business. This guide provides tips on how to secure different types of devices and how to protect your data.

The information below contains tips I learned from attending a webinar hosted by Jodi Daniels of Red Clover Advisors. I learned that cybercriminals are taking advantage of the rapid shift from in-office work to remote work. This document helps you implement best management practices for your firm.

Devices

Sometimes companies allow their teleworking employees to do work on personal devices. Using personal devices instead of issuing company devices makes sense for infrequent users because it saves money and most people have personal computers and they don’t mind sharing. More recently, COVID-19 has made working on personal devices more of a necessity. In the course of a long weekend, millions of employees around the world switched to remote work. It was not possible to give all of them work devices in such a short period, so as a stop-gap people started working from personal devices.

Tips to improve your security

• Require personal devices to have a password
  • Make those passwords long with a combination of letters, numbers and special characters.
  • Require passwords to be changed every 90 days.
  • Encourage employees to use different passwords for personal and work accounts.
  • Consider offering services like LastPass to save secure passwords.
• Add two-factor or multi-factor authentication. This is when you need a password to log into an account plus a second piece of information. It might be confirming your identity on a different device or the code your bank texts you before you can log into your online account.

Networks

Companies have networks that are well secured, whereas home networks or public networks are not well secured. When employees are offsite, they might access the network remotely. When an employee enters the secured work network from an unsecured home network, they may be making it easier for hackers to enter the work network.

Tips to improve your security

• Implement the password suggestions in the device section
• Set up a Virtual Private Network (VPN). The software offers secure communications between a home network and the company network.
  • Make sure you have enough licenses for all employees.
  • Design policies to limit usage to the network to core personnel and prescribe defined times or circumstances when non-core personnel access the VPN. If it is too slow employees will stop using it.

If the connection is too slow employees may download documents to their personal devices to work on it at home. This will be faster but is problematic from a document security prospective.

Identity Access Management

Identity access management deals with authenticating the validity of a user. It also deals with the type of access an authenticated user gets to the network. Many of these you are probably used to if you have online banking.

Tips to improve your security

• Make sure that people only have access to the information they need. A salesperson does not need access to company finances. A marketing person does not need access to breeding data.
• If no activity occurs in 15 minutes, then the session ends.
• When people leave the company remove their access.

Physical Device Security

These are tips for preventing devices from being stolen and taking the necessary steps if they are stolen.

Tips to improve your security

• Encourage employees to keep devices in a secure location
• Require all devices to use multi-factor authentication
• Limit what applications are allowed on the device

Data Protection

Teleworking often requires employees to access and store sensitive data on their personal devices or on devices outside of the office. This might be personally identifiable information or confidential business information.

Tips to improve your security

• Require multi-factor authentication before employees can access company resources.
• Teleworkers cannot save data to their personal directories.
• Make sure that all data is backed up in a second location, this will prevent ransomware attacks. If you have a second copy of your data, you cannot be ransomed for your data.
• Encrypting all PII at rest and in transit to prevent its unauthorized access or alteration.

If employees are saving data to their computers then they are not backing it up correctly. Without a backup, the data can more easily be attacked by ransomware.

Protect Against Phishing Scams

Phishing emails are an easy way to prey on employees. Phishing emails are the fraudulent practice of sending emails pretending to be from a reputable company in order to encourage people to reveal personal information like passwords or credit card numbers. These attacks should be taken seriously. The FBI estimates that they have cost people and companies over $26 billion worldwide in the last three years.

Tips to improve your security

The key here is to educate your workforce to look for the following things. If you find these things it might be a phishing email?

• Don’t click on links you don’t recognize. Hover over the link to reveal the company’s full URL.
• Look for poor grammar or spelling mistakes.
• Closely look at the URL, the sender’s name and email address that sent the email — are they correct?
• Does the logo or the information in the footer match the company’s real information?
• Is there a personal salutation?
• Are there attachments? Do they have spelling or other issues?
• Is the email from someone unexpected?
• Is the message overly urgent?