CYBERSECURITY BEST PRACTICES FOR REMOTE WORKERS
Before the COVID-19 pandemic hit, there were 7 million people working remotely in the United States, according to Business 2 Community. Statista reported that before the pandemic, 17 percent of U.S. employees worked from home five days or more each week, but that jumped to 44 percent during the coronavirus pandemic of 2020. What’s more, that trend is expected to continue as remote workers stay at home and the New Year starts with the pandemic in full force.
With that being said, the rush to implement a remote workforce in the last nine months has left holes in the cybersecurity best practices of many organizations from the largest corporations to small non-profits. Here’s a look at the top methods for shoring up security for your remote workforce through the pandemic and beyond.
Employ a Virtual Private Network
A virtual private network (VPN) is used to provide online privacy regardless of whether your employees are working from home or the local coffee shop. With the use of a VPN, would-be hackers aren’t able to intercept traffic on your network, making it safer to work, communicate, and even shop online when away from the office.
VPNs work by encrypting all of your employees’ internet traffic, ensuring all data shared through the company’s VPN is secure. The ideal VPN for your organization depends on what firewall it employs. The cybersecurity experts at Dox can assist your company with the selection of a strong, affordable VPN.
Practice Password Hygiene
Educate employees regarding good password hygiene. First, teach staff that they need to use a different password for every account or application. According to InfoSecurity Magazine, as many as 65 percent of people reuse the same password for multiple or all accounts. No one should use the same password twice and passwords should be updated at least every six months for each account. This way, if someone does manage to get one of their passwords, it won’t allow a bad actor to get into more than one account or infiltrate your business systems.
While having different passwords for everything can seem tedious, password managers offer a solution to keeping track of different account passwords. Tell employees to NEVER write down passwords, as sticky notes, files, and wallets can be easily stolen. There are free password managers available, but businesses can purchase one for all employees at an affordable cost. Some password managers we recommend at Dox include RoboForm, LastPass, and Keeper.
Teach your staff that passwords need to pass the test of variety. Every password they create should include a mix of the following:
Letters, both uppercase and lowercase throughout
While strong passwords help protect information, multifactor authentication can further reduce the risk of a cyber incident. Multifactor authentication can prevent threats passwords don’t address, for example if your credentials are not properly encrypted as they are transmitted within your company network, or if an attacker guesses an employee’s password using hacking tools.
Anyone wishing to gain access to your business systems or networks, from employees and partners to clients, will be required to successfully present two or more forms of evidence (factors) that they belong there. This evidence may come in the form of a link sent by email or a one-time access code sent to a mobile device.
While nothing is completely hacker-proof, multifactor authentication used in conjunction with a VPN and strong passwords adds another layer of security to your organization’s valuable systems, networks, and data. Multifactor authentication software recommended by the IT experts at Dox includes AuthLite and Duo.
Avoid Being Phished
With the COVID-19 pandemic in full swing, hackers have taken advantage of people’s fear and isolation to target them through phishing emails. According to ZDNet, email scams related to COVID-19 surged by a massive 667 percent in March 2020 alone and users were three times more likely to click on a pandemic-related phishing scam. Verizon’s 2020 Data Breach Investigations Report showed that even before the pandemic started, more than 67 percent of breaches were the result of credential theft and phishing.
To avoid becoming the victim of a phishing attack, inform your employees that they should ALWAYS check the sender’s email address for spelling errors and look for bad grammar in the subject line as well as the body of the email. These are warning signs that something is amiss. Never open an email from an unknown sender and don’t click links or open attachments from unknown sources. Even if the sender is known, call them before opening a suspicious email to ensure it’s actually from them and they have not been the victim of a hack. You can even perform phishing simulations with employees through third-party cybersecurity vendors such as Dox so they can learn what to look for.
Keep Programs Updated & Patched
Though updates can be viewed as an annoying waste of time, employees, especially those working remotely, need to be taught the value of updates and patches. These updates, which often provide patches for security vulnerabilities in software, can be scheduled to occur in off hours to reduce downtime and delays. Remind employees who connect to company systems and networks using personal computers that they, too, need to conduct regular updates. Failure to do so could pose a risk to your business.
Work Devices vs Personal Devices
This brings up the issue of company-owned devices versus personal devices for remote work. In many cases there wasn’t time for businesses to provide work devices to their employees as they pivoted quickly to a remote workforce this year. Remote workers were often forced to use personal computers, laptops, tablets, and mobile phones to continue working. If your organization can afford it, it’s best to provide company-owned devices to every employee.
One benefit to this is that your company’s IT team or third-party cybersecurity provider such as Dox can install regular updates, run antivirus scans, and block malicious sites as well as take other cybersecurity precautions remotely. This can’t be done without permission on an employee’s personal device.
Another benefit is that work data stays on business devices. Your employees won’t be saving proprietary documents on under-secured personal devices. This may also become an issue when it comes to state or federal cybersecurity regulations. Having employees working strictly on business devices helps ensure regulatory demands for best security practices are met despite having a remote workforce in place.
Anti-Virus & Anti-Malware Protection
For additional security, Dox highly recommends anti-virus and anti-malware software such as Sophos Intercept X. This software offers superior endpoint protection against a variety of threats including malware, ransomware, viruses, and other exploits. Intercept X provides queries to hunt for threats and has remote response capabilities as well. It also offers built-in artificial intelligence (AI) to detect both known and unknown malware without relying on signatures. Furthermore, it offers exploit prevention, managed threat response, credential theft mitigation, protection from persistent threats, and malicious traffic detection.
To learn more about securing your remote workforce through the pandemic and beyond, contact Dox Electronics today at (585) 473-7766. We even offer a free, no-obligation initial consultation.