Minnesota companies and their employees have been charting new territories over the past several weeks and are feeling the strain COVID-19 is putting on their business operations. Even though most have settled into a new routine of working remotely, cyberattacks still pose a considerable threat with fraudulent activity on the rise.
Moving from a controlled and secure office environment to working remotely creates vulnerability and poses a unique set of cybersecurity risks. Many companies were unprepared for this abrupt change. It's imperative to set clear expectations with employees and provide guidelines for teleworking practices.
Setting policies can go a long way. Here are seven cybersecurity best practices.
1. Establish strong passwords. It's common for people to use the same password across multiple accounts. But that means one compromised password can allow attackers to access all other accounts. This is called credential stuffing — when an attacker uses leaked usernames and passwords to log into other online accounts. It's critical that passwords are unique for every account, changed regularly and comprise a long string of uppercase letters, lowercase letters, numbers and special characters. Consider using a password manager. Two tools technology specialists rely on for securing business and personal passwords are LastPass and Dashlane.
2. Enable two-factor authentication. Passwords are not enough to protect your online activity. For an additional layer of protection, add two-factor authentication and multi-factor authentication to your accounts, which requires validation through e-mail, text message or biometrics.
3. Utilize a virtual private network. Unsecured Wi-Fi networks are prime spots for malicious parties to spy on internet traffic and collect confidential information. When forced to use an unsecured public Wi-Fi network, use virtual private network (VPN) software. A VPN will create a secure connection and shield your activity. If you need a VPN and don't know where to start, CSO Online offers excellent options.
4. Invest in endpoint security software. Personal devices and home networks often lack security tools built-in to business networks. Protections such as automatic online backup tools and customized firewalls will help mitigate risk, but there's still a chance some threats will get through. Additionally, traditional antivirus measures detects less than half of all attacks on average. Companies must use up-to-date endpoint protection software, which uses a multifaceted approach to protect networks and endpoints. Executives should also make sure they have protocols in place to ensure that any personal devices are validated before allowing them to connect to the company network.
5. Secure home routers. Home routers are the gateway to the internet. If not secured, remote workers, businesses and families are vulnerable to attackers. To protect your network, change your router administrator account password; update your router firmware and enable automatic updates using instructions on your device's administration page; and ensure your encryption setting type is set to WPA2 or WPA3.