Enforcing CyberSecurity When Working from Home
By TRISOFT team
In today’s business environment, more and more companies have taken their activity and portfolio online, therefore the need for cybersecurity is greater than ever. Whether attending video conferences, sharing documents or conducting sales over the Internet, it’s almost impossible to estimate how many people are involved and how much of the total economic activity is now taking place from the comfort of one’s own home, where the firewalls, antivirus software or other security solutions are not very elaborated or up-to-date.
And when talking about cybersecurity, everyone should take this aspect seriously. Regardless if we are talking about a simple website, online stores or any kind of web-based activity, any company is at risk for a cyberattack. Although we may believe that it only happens to large companies, the truth is that small businesses are much more targeted than anyone might think, and their limited resources for investing in safe network systems make them even more vulnerable. They are easy targets for hackers, competitors and disgruntled parties.
So what can these companies do to reinforce their digital workplace?
1. Update software and network security
Even though this should be done on a regular basis, the current situation demands that all employees working from home, from personal or office-supplied devices, on wi-fi connections or other kinds of Internet service providers, should be checked and updated in a massive general operation. Operating systems, antimalware software and routers should be taken into consideration, their weaknesses eliminated and protected against any type of vulnerabilities.
2. Educate employees
Employees must be made aware of the different methods that cyberhackers use to infiltrate systems. They should be able to recognize the signs of a breach immediately and take preliminary steps toward solving the problem or reporting it to the department in charge of eliminating such threats.
People must be advised not to open emails from unknown addresses, e-mails that contain great business deals or which seem to come from a boss or coworker but have a few elements wrong (letters, numbers, web host) — so-called phishing emails. Also, they mustn’t download onto their devices anything that does not come from a reliable or well-known source.
3. Implement formal security policies
In this sense, companies can even implement formal security policies that everyone must observe — that is, rules that everyone can use to protect the system and the business against attackers.
A good idea is holding regular meetings and seminars which profess the best tactics for strengthening cybersecurity at home: using strong passwords, identifying and reporting suspicious emails or breach attempts, activating multi factor authentication.
4. Enable multifactor authentication
Although it’s a good start to use complex passwords that include capital letters, numbers and special characters, at the end of the day, it’s a fact that almost any password can eventually be broken.
That is why adding an extra layer of protection, namely two-factor or multifactor authentication, will require additional actions apart from inserting a password and will decrease the chances of a breach.
5. Set up remote access
The IT department should make sure to establish remote access protocols. Although it’s fairly difficult to implement, since onsite access to devices must be granted, in order to issue multifactor authentication tokens, in the end, it will represent a great investment of money and time and will save the business a great deal of data and economic losses.
6. Reinforce confidentiality
Remind employees that they must maintain the same level of professionalism at home as they do at the office. That means keeping documents and sensitive information “under lock and key”, not allowing children or other family members to have access to their work email or leave their laptops/devices open for everyone to see and use.
Uninstructed people might take perilous action, downloading malware or sending critical data to someone outside of the company.
7. Update emergency contact information
If employees cannot be reached through e-mail or the preferred business video or audio call application, due to a power outage or if the company falls victim to a cyberattack, managers must make sure that they have another way of reaching their personnel, in order to take measures against this threat together.
The essential information that every company leader should have is a list of personal phone numbers, physical addresses or a safe way of contacting people, which avoids any digital intrusion.
8. Practice the incident response plan
Despite the company’s best efforts, there might come a time when it will fall prey to a cyberattack. If that day comes, it’s important that the staff is trained and able to handle the situation and its consequences. By concluding a response plan, breaches can be easily identified and eliminated, before causing serious damage.
At TRISOFT, we believe it’s everyone’s responsibility to take part in the process of enforcing a company’s cybersecurity. Employees must be liable for what they do at home and how they protect their working environment, while companies must instruct, train and offer them the tools needed for implementing the methods for protecting the business’ systems, finances and data.