The projected COVID surge is happening and many employees are working from home again. This unfortunately increases the opportunities for cyberattacks. It has already been a challenging enough year, so make sure your company’s intellectual property is protected against breaches and hacking.
Risk = Threat x Vulnerability
Unfortunately, cybersecurity threats are always present. So, let’s focus on minimizing vulnerabilities.
Even if working remotely hasn’t exposed any vulnerabilities or triggered any issues thus far, basic guidelines should still be developed and shared. You need to safeguard that peace of mind. Even without an IT department, there are ways to increase your cybersecurity.
- Home office expectations Outline your requirements for a secure, password protected Wi-Fi router at employees’ homes (WPA2 or WPA3). Ask employees to change their router password every few weeks, using password best practices. Consider a vulnerability scanner that regularly checks your network, web servers and applications to reveal weaknesses that attackers may exploit. It can test work-from-home systems for outdated software and default passwords.
- Company-provided vs. personal devices Ideally, access to your internal network should only be allowed on company-provided devices. When this isn’t feasible, all personal devices including smartphone, computer or tablet must have strong passwords and updated antivirus software. Explain what business information can and cannot be stored, downloaded or copied onto personal devices or cloud services such as a personal Google Drive or Dropbox account.
- Collaboration and messaging apps (Microsoft Teams, Slack, WhatsApp) These apps were never built to be secure at the enterprise level. Employees can inadvertently include someone or conversely forget to remove someone from group messages. Provide guidelines regarding the usage of these.
- Network security A VPN (Virtual Private Network) allows for a flexible connection to your internal network by encrypting all traffic. This ensures data shared with the network are safe from hackers. Unfortunately, free VPNs slow internet speeds, so experts recommend using paid options. To minimize exposure, decide which employees need access to the network vs. cloud-based services and email. Incorporate multifactor authentication for access to the full network and cloud-based services.
- Education Minimize human error by training employees on safe online practices and proper usage of company issued software and tools. This includes how to avoid clicking on malicious links and leaking passwords. Unfortunately, cybercriminals are exploiting the current COVID chaos. Employees should be very careful with any email that asks for sensitive information.
- Clear procedures If remote workers have a security concern or technical issues, there should be a protocol for what to do in each instance. Provide contact information for IT personnel.
MidwestHR is a certified professional employer organization (CPEO) and we have been partnering with small- and mid-sized businesses for over 20 years. By outsourcing your HR to us, your company can access state-of-the-art HR software that keeps your personnel information secure. From start-ups to established companies, we have experience helping our clients with technology solutions that scale. If you’re not sure how to proceed, we’re happy to share our thoughts on all your available options. We want you to find the best solution even if that means referring you to another vendor. Give us a call at 630-836-3000.