Updated July 2020:
At Computer Security Solutions (CSS) we have been closely monitoring monitored the situation surrounding the outbreak of COVID-19 (coronavirus). The health and well-being of our employees and customers remains the utmost importance at CSS.
We have had many clients ask us what the coronavirus outbreak means to them as an owner or employee of a small business … here are our thoughts:
This outbreak may mean that you are required to take time off work, either to minimize your exposure to others, or because you have a child or loved one who is unable to attend their work, or school. We are all going to have to get used to working remotely as best we can.
Even so, we must remain vigilant against cyber-threats and use safe computing practices to ensure that our work data remains safe.
If you are in an industry where you handle sensitive personal data, or health related data, we expect your employer will have a remote working policy in place already. It might be that you are unable to work remotely, or must use a device provided by work to keep this data secure.
If you don’t fall into that category, we have some tips and tricks that you might benefit from in this new remote working reality.
As the pandemic continues, even entering a 2nd or 3rd phase, the new reality is that we should all be planning on working where-ever we are. From home, from a patio, or from a park. As we socially distance our bodies, we must communicate with our cloud systems and our team-members in a secure and efficient manner.
This will mean we need to get comfortable with cloud phone systems, with MS Teams, Sharepoint and much more.
We also need to ensure that our communications to those cloud systems are secure and not being snooped on. This means continued education to staff members on what is a good remote 3rd-party WiFi and what is not. We should also consider using VPNs for all communications and our endpoint protection systems need to provide multi-level protection from DNS filtering to advanced network isolation.
At the same time, we need to revisit those Bring Your Own Device (BYOD) policies and ensure that devices with company data on are protected from lost or theft by deploying centrally managed encryption.
The good news is that these tools are relatively easy to deploy if your team is disciplined. If they are not, or they might ‘forget’, we can enforce policies that make sure your company data doesn’t fall into the wrong hands.
During the early days of the Coronavirus outbreak, it might have been acceptable to push these matters down the road about, but we all need to realize, this situation is the new “way it is” – so now is the time to put these protections in place – DO NOT WAIT!
Remote work should be safe work:
Cybersecurity Education
Cybersecurity awareness training for every employee in your organization is an absolute must have.
Wherever they’re working, everyone will benefit from knowing how to recognize a phish, create strong passwords, avoid social engineering scams and apply IT security best practices.
Free basic training is available from many vendors for small and micro-businesses, but if you need to provide evidence of training for compliance, talk to us about professional grade training that offers reports and audit logs.
Education is key:
Even if you are not ready for paid CyberSecurity education, please avail yourself of these resources:
VPN and Secure Access to Data
You cannot simply turn your workforce loose and tell them to go work from home without securing the connections to work data.
Even if you use a cloud solutions such as G-Suite or Office 365, we recommend that you use a VPN tunnel so that connections to your work data are fully secured.
While you might not have to worry about your team members using unsecured WiFi in a coffee shop during the coronavirus outbreak, can you trust all the devices on their home networks? How about after the outbreak?
Once the Covid-19 outbreak is over, a properly secured personal device, or work-issued laptop can be used for remote work moving forwards. Contact us for recommendations on VPNs that are trustworthy, because not all of them are!
2FA / MFA
Before sending your workforce off to work at home, you should consider turning on 2-factor authentication. Whether you are using Office 365 or a VPN tunnel to the office, make sure that authentication is not just username & password, but also a 2nd factor such as Google Authenticator or Authy.
2FA provides an added layer of security so that even if a username & password become compromised, the hacker or cyber-criminal cannot access your company’s sensitive data without access to that extra authentication method, be that a cell-phone code or security token
If you have domain authentication, we have 3rd-party 2FA such as ESET Secure Authentication, which can be deployed in minutes and centrally managed.
Data in the Cloud and Collaboration tools:
Office 365 / Sharepoint
If your business uses Office 365, we recommend that you move to using Sharepoint as your cloud storage solution.
Microsoft originally launched ‘OneDrive’ as their cloud storage solutions, and many small businesses still use it. Quite honestly, it’s horrible compared to DropBox even as a way of sharing data.
Fear not, Sharepoint is here:
After it became evident that OneDrive was simply unhelpful (at best) to small businesses who needed to work collaborative, Microsoft took their Sharepoint product to the next level, and even if you are not ready to embrace sharepoint as a way of doing business, flipping it on and syncing using sharepoint makes collaboration on documents so much better. Ask us how to make the sharepoint switch quickly and easily.
Microsoft Teams / Zoom
You can buy a subscription to Zoom Video Conferencing for everyone in the company, but if you already using Office 365 Business Premium or higher, then you have a solution that you could use already.
Microsoft Teams comes with most business subscriptions to Office 365, and it’s a great tool for sharing documents in chat, making VoiP calls (it replaces Skype for business) and even for video conferences. It is available on desktop and mobile devices at no additional cost to your company.
Need a microphone or webcam for a desktop computer? Consider these highly rated options:
Microphones:
Webcams:
Business Grade Antivirus
The last thing you need is for a remote employee to be using a compromised computer. But how can you tell?
In a nutshell, you can’t know unless you are providing the anti-malware solution.
We’re not saying that an antivirus or anti malware solutions is the be-all and end-all of CyberSecurity, it’s after all, just one tool. But if you are letting your team use their own devices, how about you offer them antivirus as a benefit?
Adding a few licenses to your existing subscription won’t cost much; even adding their personal PCs onto your managed IT subscription will give you peace of mind.
We can ensure that your remote workers’ machines are:
- up to date with their updates
- running a trusted anti-malware
- monitored for hardware failures