Minnesota companies and their employees have been charting new territories over the past several weeks and are feeling the strain COVID-19 is putting on their business operations. Even though most have settled into a new routine of working remotely, cyberattacks still pose a considerable threat with fraudulent activity on the rise.
Moving from a controlled and secure office environment to working remotely creates vulnerability and poses a unique set of cybersecurity risks. Many companies were unprepared for this abrupt change. It’s imperative to set clear expectations with employees and provide guidelines for teleworking practices.
Setting policies can go a long way. Here are seven cybersecurity best practices.
1. Establish strong passwords. It’s common for people to use the same password across multiple accounts. But that means one compromised password can allow attackers to access all other accounts. This is called credential stuffing — when an attacker uses leaked usernames and passwords to log into other online accounts. It’s critical that passwords are unique for every account, changed regularly and comprise a long string of uppercase letters, lowercase letters, numbers and special characters. Consider using a password manager. Two tools technology specialists rely on for securing business and personal passwords are LastPass and Dashlane.
2. Enable two-factor authentication. Passwords are not enough to protect your online activity. For an additional layer of protection, add two-factor authentication and multi-factor authentication to your accounts, which requires validation through e-mail, text message or biometrics.
3. Utilize a virtual private network. Unsecured Wi-Fi networks are prime spots for malicious parties to spy on internet traffic and collect confidential information. When forced to use an unsecured public Wi-Fi network, use virtual private network (VPN) software. A VPN will create a secure connection and shield your activity. If you need a VPN and don’t know where to start, CSO Online offers excellent options.
4. Invest in endpoint security software. Personal devices and home networks often lack security tools built-in to business networks. Protections such as automatic online backup tools and customized firewalls will help mitigate risk, but there’s still a chance some threats will get through. Additionally, traditional antivirus measures detects less than half of all attacks on average. Companies must use up-to-date endpoint protection software, which uses a multifaceted approach to protect networks and endpoints. Executives should also make sure they have protocols in place to ensure that any personal devices are validated before allowing them to connect to the company network.
5. Secure home routers. Home routers are the gateway to the internet. If not secured, remote workers, businesses and families are vulnerable to attackers. To protect your network, change your router administrator account password; update your router firmware and enable automatic updates using instructions on your device’s administration page; and ensure your encryption setting type is set to WPA2 or WPA3.
6. Install updates. Device updates can come at inopportune times, but they are vital. If you haven’t done so, ask remote workers to set their devices to run updates automatically to help mitigate disruptions during essential hours of business.
7. Be vigilant against phishing e-mails. With the surge of remote working, we’re likely to see an uptick in malicious campaigns used by cybercriminals to “phish” for information by masquerading as a trustworthy source. Check the sender’s e-mail address for spelling errors, poor grammar in the subject line and the body of the e-mail and hover over links to verify the URL source.
Most importantly, never click on the links or open any attachments in an e-mail, unless it’s from a trusted source. If any doubt exists, contact your company’s IT department for validation.
Maintaining good cybersecurity practices with a remote workforce is achievable for most to implement and the benefits extend well beyond protecting companies. It protects businesses and families equally and takes everyone doing their part to mitigate risk. As managers educate employees on company cybersecurity policies and what steps must be taken, they would be wise to communicate the personal benefits workers and their families also receive by complying with best practices.
Rob Peterson is the director of information security at Concord USA, located in Hopkins.