As the balance shifts across North America between workers continuing to telecommute and returning to their offices, a new set of challenges will arise.
Some will apply to cybersecurity as data hacks continue to escalate and cybercriminals attack vulnerable targets. Some will apply to physical infrastructure as office setups must be reconfigured to adhere to social distancing protocols. Some will even apply to good old-fashioned sanitation as we rethink the way we keep our computers and workstations clean.
So whether your company is sticking with remote work or transitioning to a hybrid in-office/work-from-home phased approach, CMIT Solutions can serve as a technology resource during these challenging times. Below are 10 best practices for securing your home office, making necessary changes to workflows, and keeping employees and clients safe as the business world continues to evolve.
1. Standardize policies for using office equipment at home (or personal computers for work).
When stay-at-home orders were issued across North America back in March, many businesses responded on the fly when it came to what computers and accessories employees were allowed to use and where. Now’s the perfect time to reassess those policies and formalize them if needed, defining each employee’s use of either company-owned devices at home or personal computers for work purposes. No matter what, make sure all computers are current with software updates, security patches, anti-virus, and other tools that can prevent vulnerabilities in older operating systems. If you have to share a computer with family members, set up separate user profiles that can keep important information sequestered and safe.
2. Make sure your Wi-Fi network is safe.
It might be a while before many of us start using public Wi-Fi networks at coffee shops, libraries, or airports again. But until then, don’t just assume that your home Wi-Fi is safe. Make sure routers are password protected; if you haven’t changed the password since you started using the router, now’s the perfect time to update it. If you are faced with the prospect of signing on to unsecured public Wi-Fi, use the personal hotspot on your cellphone instead.
3. Secure the physical environment of your home or work office.
Moving documents and devices from one location to another always poses a slight risk. But many of us don’t consider the security risks right in our own homes or offices. Want to preserve the integrity of your conversations? If you have a smart speaker like Amazon Alexa, Echo, or Google Home, consider unplugging those devices when you’re working or talking business. Want to protect your computer in the event of a power outage? Use a power strip with battery backup instead of plugging your computer cord into the wall. Don’t want anybody prying into your personal files? Lock your computer when you walk away. And always cover the camera on your laptop any time you’re not using it for videoconferencing to prevent rogue hackers from accessing it. Finally, if you will be working in an office with other employees, make sure desks are spaced adequately apart, and pay extra attention to cleaning and sanitation of your desk, keyboard, mouse, monitor, phone, and other high-touch points in the workspace.
4. Beef up your passwords.
In 2018, the US Department of Commerce’s National Institute of Standards and Technology (NIST) released new guidelines recommending a shift away from password complexity and toward user friendliness. The NIST guidelines now call passwords “Memorized Secrets” and recommend that users create long passphrases that are easy for them to remember instead of convoluted strings of nonsensical numbers and letters. The use of special characters—!, @, #, $, %, and the like—is still recommended, and passwords still shouldn’t include personally identifiable information like a child’s birthday or pet’s name. Don’t save your passwords in a document or write them down on a physical slip of paper; instead, consider using a password manager, which serves as a digital vault storing the login information you use to access apps on mobile devices, websites and other services. Switch up passwords between platforms, and always use multi-factor authentication (MFA) whenever possible. This extra layer of protection requires something you know (your password) AND something you have (a unique code delivered via text message or email).
5. Review infrastructure and equipment.
Most businesses will operate much differently this summer than they did this spring. Whether you’re spreading out desks to meet six-foot social distancing requirements or investing in new equipment that better supports remote employees, infrastructure and communication needs will probably deserve attention. Working with a trusted IT partner, review your company’s operations over the last few weeks and identify any shortcomings or areas for improvement. Effective platforms that enhance employee connectivity and collaboration are essential, so prioritize those if telecommuting will remain in place. And if in-office operations will return, emphasize policies that will help everyone stay safe.
6. Use caution with videoconferencing.
The use of online meeting platforms has boomed over the last two months. With that exponential increase in users, however, comes a surge in cyberthreats and sabotage. Bad actors have used public meeting links to crash online conversations with shocking content or harassment, so avoid sharing meeting links on social media, generate random meeting identification numbers that require a password to join, and use host controls like waiting rooms, automatic mute, and screen share limitations to keep videoconferences safe.
7. Watch out for scams and phishing attempts.
Aside from these newfangled attempts, old-fashioned email, text message, and even phone scams are still a part of life. Don’t fall victim to these by inspecting sender information in emails and texts, checking for misspellings or awkward phrases, hovering over links before clicking on them, and staying away from unexpected or unfamiliar attachments. The most important rule of all, though, is that you should never share unnecessary personal information in an email. If someone you know requests a date of birth, a password, a wire transfer, or a bank account number, call them to confirm before sending.
8. Stop suspicious activity before it spreads.
If you suspect you may be getting hacked, or you clicked on something in an illicit email, immediately disconnect from Wi-Fi and/or unplug the Ethernet cord that is hardwired to your Internet. This can prevent the spread of ransomware or other viruses to connected networks and devices.
9. Don’t overshare online.
Many of us are spending even more time online during these quarantined days. But don’t let your guard down when it comes to sharing confidential information. Never tell the world too much via social media or unsecured email; some hackers glean all they need from Facebook posts and use that to set up social engineering scams that can steal your passwords. If you’re shopping online, make sure any e-commerce site is secured—look for “https,” not just “http,” at the beginning of web addresses, along with a lock symbol near the browser bar.
10. Take data backup seriously.
Whether you’re conducting business at home or in the office, one thing remains the same: it’s critical to have remote and redundant data backups created on a regular basis. Those backups should be monitored and tested for reliability, and your business should have a recovery plan in place so you know what to do if data loss does occur. If you’re working from home, remember that backing up work-related information to a personal computer could represent a breach of compliance. And with ransomware on the rise, maintaining a steady data backup solution is key to surviving a cyberattack.
Security experts predict that, by 2021, cybercrime will cost the world $6 trillion annually. And that was before the COVID-19 pandemic upped the ante, with data hacks and security breaches increasing in 2020. CMIT Solutions has dedicated itself for the last 25 years to protecting clients from malicious emails, human error, and the countless other cybersecurity problems that affect companies across North America.
We’re here to keep your business safe, no matter where your operations take place or when you’re planning on returning to the office. Contact CMIT Solutions today to learn more about how we defend your devices, protect your data, and empower your employees to do their best work.