It’s clear that working remote may be our new norm – even as restrictions are gradually lifted. But SMBs have been hit particularly hard during this pandemic, not only changing where we work, but how.
While we all do our best to work remotely, it’s important not to forget the risk we might be incurring as we do. Especially when working from home and outside the typical secure parameters established within the corporate network. To help ensure that your SMB data is safe and protected, consider these 10 cybersecurity tips:
- Remind users to refresh their passwords. It’s a simple, but often neglected, best practice. Advise your users that when changing their passwords, they should use 12 characters, plus special characters, to create the strongest defense from hacking. As our users are working away from their corporate network, the best method to ensure your users refresh their passwords are via a self-service portal option offered via a typical Internet browser.
NOTE: Multifactor authentication (MFA) needs to become the minimum standard while reducing the number of times a user has to reset their passwords.
- Clean up user accounts. Now is the time to prune out any non-active accounts. Disable accounts for former employees or contractors and be sure that your existing users have been assigned appropriate roles with the least privileges they need to get their job done.
- Revise your employee validation process. With users out of the office, face-to-face discussions about important financial or business requests are limited often to email. This can be a risky way to request changes to things such as direct deposit details or wire transfers. By adding a more secure validation and personal telephone confirmation process for such transactions you can minimize both error and fraud.
- Establish frequent communication with remote workers. Remind remote workers often about IT policies and best practices. They want to do what’s right and follow your guidelines, but if not reminded they may resort to non-compliant ways to get their job done, such as leveraging unauthorized “Shadow IT” tools. By providing regular direction and guidance you can avoid this risk and remain compliant.
- Embrace a cloud collaboration platform. To further help employees avoid using non-compliant ways to collaborate, give them a collaboration tool you do authorize. Tools such as Google Drive, Box, Citrix ShareFile, Microsoft SharePoint, Microsoft OneDrive, etc. can empower employees to be more productive, while ensuring you can apply proper protection and policy control to remain secure.
- Distribute quick reference guides for company endorsed applications. Users like and use clear instructions, a 30 second YouTube video can go along way for user training. So, if you are recommending collaboration tools, tell users how they should be securely using them. If you are endorsing the use of Zoom with a free account, for example, communicate how it should be used. Be sure when you prepare your guides that you disclose privacy considerations, such as saving recordings or chat discussions. Offer details too on recommended settings that create higher productivity, such as breakout rooms or non-verbal communications.
- Prevent remote controlled applications. When users are working from home, they may not be aware of certain applications that might be enabled without their knowledge. Use an application control solution that will prevent remote enabled applications, such as LogMeIn, RDP, or TeamViewer, if you don’t want users using them.
- Enable remote patching and policy control. As users work from home, be sure that their systems can securely communicate with your corporate infrastructure to receive the latest policies, patches and updates. It only takes one device that hasn’t been patched to let a breach into your network.
- Provide guidance on disposal of printed materials. Security risk isn’t just digital. Ensure that your remote workers know the proper way to destroy sensitive printed materials they may have at remote locations. You don’t want users printing customer or PII data that isn’t properly disposed or stored at home.
- Deliver regular security awareness training. Even the most diligent employees can be caught off guard by a phishing attack if they are not careful. This risk increases when remote working because the distractions are often higher. The best defense is employee training. Establish weekly phishing campaigns with mandatory corrective actions to keep employees on the lookout. Training programs can be complemented with awareness videos and instructional reminders to ensure employees don’t get lax.
As we all work to get accustomed to the “new norm” in today’s work environment, it’s critical to not let our cybersecurity guard down. SMBs that take heed of these 10 tips will be more apt to not only survive but succeed and grow.
Daniel Martin is the Principle Security Consultant and vCISO for Veristor, an IT solution provider and consultancy specializing in advanced data center, security, networking, hybrid cloud, and big data technologies and guiding businesses to the right solutions for their most pressing challenges.