No. 1: Enforce basic cybersecurity hygiene.
An organization’s cybersecurity is only as strong as its weakest link, and all it takes is one employee — even a well-intentioned one — to cause that chain to break. Enforce cybersecurity best practices such as using strong passwords, not sharing passwords across multiple accounts, implementing two-factor authentication (often free) and accessing sensitive files only from trusted devices and VPNs. Also, some simple and inexpensive employee cybersecurity awareness training can ensure employees are familiar with the most common and current attack schemes and educated on how to handle a situation if they think a cybersecurity incident has occurred. (iStock)
No. 2: Reign in ‘Shadow IT.’
Shadow IT refers to computer systems, applications or devices being used without explicit organizational knowledge or approval. For example, do any of your employees access their work email from their personal cell phone? Attempting to completely shut down Shadow IT isn’t realistic, nor is it necessarily helpful to your business, however it’s important to identify any apps or devices that could pose the highest risk. Clearly communicate which products or services are forbidden, and explain why so your employees don’t feel unjustly blocked and circumvent the rules. Also, consider putting processes into place that allow your IT team to quickly approve or disapprove new applications that employees express interest in. (iStock)
No. 3: Organize back-end technologies.
Cloud-based apps can be a godsend for ensuring a seamless work environment for remote employees, and many also provide the invaluable service of backing up all of the data being generated outside an office’s walls. Services such as G Suite or Microsoft Office 365, for instance, can allow employees to create, edit, organize, share and automatically backup documents, spreadsheets, presentations and more, no matter their location or device. Consider migrating some or even all of your files storage to a trusted cloud provider to optimize flexibility and more easily manage, secure and backup your business data. (Shutterstock)
No. 4: Duplicate storage.
With its infinite scalability and relative affordability, cloud technology can be an ideal data storage resource. However rather than relying entirely on the cloud or trusting your employees to only use secure cloud services with automatic backup capabilities, duplicate your most critical business data so at least one copy is kept separate from cloud data centers and stored offline via encrypted backup tapes. This is a critical action to protect your business from the impact of a ransom attack, where a hacker blocks access to your systems or data until a ransom is paid. (iStock)
No. 5: Get cyber insurance.
Cyber insurance is an important, final step for protecting your business against the dangers of employees working remotely. Considering the significant financial demands many SMBs face as a result of a security incident, look for plans that cover immediate business costs (e.g. lost revenue due to the interruption of business, ransom, regulatory or legal fines). Also, be sure to implement coverage that includes such crisis response services as coaching and guidance on how to respond to a breach. (Shutterstock)
Remote work could be the future of work.
Currently, 3.9 million Americans work remotely, which marks a 115% increase from 2005. Estimates indicate that more than one-third of employees will work remotely in the next 10 years. Desire for greater flexibility and work/life balance is partially responsible for this trend, in addition to an ever-increasing number of businesses that are based entirely online. With cloud and mobile technologies making it easier than ever before to communicate and collaborate regardless of location, organizations are embracing remote work as a way to cut costs and satisfy employee demand.
Online security concerns grow
Despite the productivity and cost-saving benefits of remote work, the concept introduces serious cybersecurity risks that have the potential to devastate entire businesses. For example, if an employee logs on to their email via a coffee shop’s public wifi, that individual runs the risk of sending their work emails, customer information and other business data directly to hackers rather than to the wifi connection point. Furthermore, thanks to a massive flaw discovered in WPA2 (the encryption standard that secures all modern wifi networks) last year, the employee’s encrypted information could be easily accessed by anyone near the coffee shop if their device hasn’t been updated with the relevant security patch.
Small and medium businesses (SMBs) are particularly vulnerable to remote work security risks, as they usually have fewer resources to proactively prevent and/or recover from cyber attacks. Also, most consumers are wary of doing business with new, unproven companies, so if a data breach were to occur as a result of an employee working remotely, any newfound customer trust or loyalty could be rattled.
The slideshow above spotlights five key best practices SMBs should incorporate in order to safely benefit from the remote work trend.
To participate in the undeniable trend of remote work and securely reap its benefits, continually enforce basic cybersecurity best practices, even the most rudimentary ones. Invest in basic cybersecurity hygiene and education. Prioritize reigning in Shadow IT and evaluate your back-end technology to ensure it can support a scattered workforce. Replicate at least one instance of your critical business data offline, and take advantage of affordable cyber insurance options to ensure your hard-won business isn’t crippled in the event of a remote employee-induced data breach.
Ari Vared ([email protected]) is a vice president at CyberPolicy and CoverHound.