It’s official. Remote work is here to stay!
Plenty of businesses are taking the lessons they learned from forced remote work due to the pandemic and implementing more policies to allow for working from home. While that’s great news for some, your IT team may not be completely on board. Knowing that there are team members out there that might be using public WI-FI or not updating their security software can keep them up at night.
We’ve talked plenty about the importance of IT security, but it goes double for devices when they leave the confines of the office. Are you sure your employees are all adhering to the proper security protocols?
You might be surprised by how many of your organization’s security issues come from within. A major contributor is user error, which can lead to some pretty severe problems reaching from your data security, to your workflow, all the way to the continuation of your business itself.
From an employee accidentally clicking the wrong link in an email to accessing business data they have no reason to access, user error can span from accidental to outright malicious. This is made worse if a business neglects to remove a former employee from their system, which allows that employee to continue accessing the business’ network or, worse, to sell their access credentials to the highest bidder.
Please Be Advised
Some people have used the pandemic to exploit businesses and individuals into revealing sensitive information. Please exercise caution in handling any email related to COVID-19. This caution should also apply to social media posts, texts, and calls.
Do not click on any links relating to COVID-19 without checking that they are valid links. Hover over the link to see if the URL at the bottom of your screen is legitimate or is from the sender they claim to be. If you have any questions about the validity of an email, reach out to your trusted IT consultant, or feel free to reach out to us.
Essential Cybersecurity Considerations in a Remote or Hybrid Work Environment
If you want to protect your business, the best place to start is to educate your employees on effective cybersecurity protocol, as well as test and reinforce it. Your employees are the first line of defense, and they can help protect themselves and your business.
In addition to providing education, here are some essential cybersecurity considerations for a remote or hybrid work environment that can be shared with your employees:
1. Utilize the company network to store files.
All company-related data should be stored on the network instead of personal cloud accounts or personal Google Drive or Dropbox accounts. If it’s a company doc, it needs to go on the company network.
2. Don’t connect unknown devices to your computer.
Small devices, especially USB thumb drives, can present a very real danger to the company’s devices and infrastructure. You can never be sure what they contain. When in doubt, throw it out (or, you know…don’t connect).
3. Don’t download or install software without approval.
Unapproved software can cause problems that affect the entire network. Speak to management first to ensure that it will not cause an issue with an application or code that has been implemented.
4. Don’t respond to unsolicited or unfamiliar emails.
If you get an unsolicited email, do not react or respond, as it could contain ransomware disguised as attachments. Instead, notify your IT department or IT service provider so they may investigate. This tends to be common with unsolicited proposals and resumes. (Watch the video above to learn how to catch a spam email in its tracks!)
5. Don’t accept unsolicited support from an incoming caller.
If you receive an unsolicited phone call from someone claiming to represent Microsoft support (or any generic tech support), hang up. These calls are often fraudulent attempts to gain illicit access to company assets. Make sure staff are educated about who to call when they need support or how they can verify if a support call is legit.
6. Create strong and memorable passwords.
Watch the video above to learn how to create strong and memorable passwords.
Remember: Don’t reuse your passwords and the more complex, the better.
7. Clear all mobile devices with management.
Before you use your personal mobile device for work purposes, make sure you have the approval to do so. Your device might not keep some company data secure.
8. Think before you click.
Take a moment to consider any links you receive in correspondence before clicking on them. Is it coming from a trusted source? Have you confirmed the legitimacy of the link through another means of communication? Links can often be disguised as cyber threats. When in doubt, don’t click.
9. If you have a question, ask.
There is no such thing as a dumb question when it comes to IT and security. If you have a question, ask.
Security is everyone’s responsibility, but your employees won’t be able to fulfill that responsibility if they don’t know the proper methods to ensure that your business remains secure.
Want to talk about remote work setup?
Exact IT Consulting is here to help wherever possible to assist in facilitating a secure remote work environment. Please reach out to us if you need assistance.