We are all impacted by COVID-19 and businesses are responding by keeping their “doors open” virtually by moving to online sales and using a remote workforce.
Our Chief Information Security Officer, Joe Danaher, has some great tips to make sure your remote workers keep your business safe from cyberattacks. Joe has spent his IT career navigating HIPAA security compliance and in the past 6-7 years, as the threats from hackers have evolved, staying 1 step ahead.
What is a VPN and how do companies use them for remote workers?
VPN stands for Virtual Private Network and is the safest remote connection. It creates an encrypted tunnel between your remote device and the servers and files at work. Windows 10 and Mac OSX have built-in VPN setup capabilities, however, you need a VPN service based on your type of business servers. This is a nice step-by-step article recently published by CNET regarding how-to for Windows: https://www.cnet.com/how-to/how-to-setup-a-vpn-on-windows-10/
Joe Danaher, CISO
If you’re not on a VPN, what steps do you need to take to protect your company when you are working from home?
Your employees must use 2FA (Two Factor Authentication) to access business applications. We recommend 2FA whether you are in-office or remote, also use strong passwords, like passphrases that are greater than 10 characters in length. Make sure your workstation has current patches and updates for the OS (Operating System), Web Browser and Adobe PDF Reader. Also, it is vital to have Anti-virus (AV). Windows 10 comes with Windows Defender as a free option. AV and patching are more of an issue if the remote worker is using their home computer and not a business computer that is monitored.
What should companies do to make sure they’re protected during this time? (with people working at home, offices unattended, etc).
The best method is to provide the employee with a laptop managed by the office. If the servers are at the office, IT can and needs to monitor those remotely. If your business is used to having staff present 24/7, consider a physical security option – alarms, cameras, etc.
Are there new scams coming up because of this crisis?
Any topic that becomes “hot”, like the pandemic, working remotely, toilet paper will attract cybercriminals, so be suspicious of any unsolicited offer. Unfortunately, there are several phishing emails and malware websites identified as cybercriminals trying to capitalize on the COVID-19 pandemic. The best advice is to avoid all unsolicited emails or websites and only trust sites provided by the government. Nationally, an excellent site is the National Governor’s Association site: https://www.nga.org/coronavirus/.
- In our major service areas:
- Kentucky, https://govstatus.egov.com/kycovid19
- Indiana, https://www.in.gov/coronavirus/index.htm
- Ohio, https://coronavirus.ohio.gov/wps/portal/gov/covid-19/
- Louisiana, http://ldh.la.gov/Coronavirus/
- Texas, https://dshs.texas.gov/coronavirus/
Are there risks that people don’t even think of?
Your staff will most likely experience new applications and ways to communicate. Not knowing how to use microphones and cameras with remote meeting software can lead to ineffective meetings or embarrassing situations. Your staff may need training on new tools and need help setting up their VPN or 2FA.
Is video meeting software safe?
Microsoft Teams and Zoom are two very popular and mature options. As with any software, setting it up correctly and making sure the users understand how to use it correctly is vital for success. Also, the meeting organizers must ensure the invitations are sent to the intended participants.
File sharing tips?
Using a consistent process and application across the business it important and lets you keep control of business files. Make sure employees know what service you are using, like Microsoft Sharepoint, OneDrive or Dropbox and how to properly access files and save files. Encrypted email may also be needed to maintain compliance if you are sharing protected/sensitive information (ex. HIPAA Guidelines). DO NOT save files to the local computer because your business may lose control of the file and likely it will not be backed up. If your employee is not well-trained, we guarantee they will save files to their computer.
Tips for backing up data, etc., while working at home
You will want employees to save all data to a location on the company network, like a file server, or a specific location on the internet, like Office 365. You need to maintain control of your data and back it up regularly to avoid further interruptions to your business continuity.
Any final tips?
Since working at home comes with a new set of office mates, make sure your kids and guests understand your computer is for work and should not be shared. Log off all business applications and web sites at the end of each workday and lock your computer whenever you walk away.
If you are not already doing so, it’s a great time to add Cybersecurity education to your mandatory workforce training. We have a great online training platform to make the process easy to push out to all employees.
Thank you, Joe! That was timely and helpful information.
At The AME Group, we take our own security seriously and can help guide you to make the most cost-effective decisions to boost your business’ cybersecurity maturity.