This blog is part 4 of our 4-part Cybersecurity for SMBs series.
Cybercrimes and ransomware attacks continue to grow in frequency and severity while disproportionately targeting less prepared small to medium-sized businesses (SMBs).
To improve their security posture, SMBs need to establish clear company policies around data protection and provide employees comprehensive cybersecurity training that encourages long-lasting behavioral changes.
SMBs need to understand that their employees are the gatekeepers to their business’s data and network. As hybrid work models become more commonplace, SMBs need to empower remote and in-office employees to work securely and productively.
To ensure hybrid work environments remain secure, here are several tips remote and returning workers can leverage to strengthen their cybersecurity.
Cybersecurity Tips for Remote Workers
COVID-19 is providing new opportunities for cybercriminals to exploit remote employees. Hackers are deploying sophisticated coronavirus-themed phishing scams and ransomware campaigns to exploit the crisis.
According to a recent study, 23% of business leaders said their company experienced an increase in cyber attacks since employees started to work from home due to the pandemic. During this time of increased risk, SMBs need to be aware that remote-access technologies are exposed and more vulnerable to cyber attacks.
The National Institute of Standards and Technology (NIST) stated that companies “should assume that malicious parties will gain control of telework client devices and attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network.” When SMBs accept the inevitability of external threats, they can better anticipate future cyberattacks and implement a forward-thinking layered cybersecurity strategy.
Here are a few tips remote workers can leverage to improve their cybersecurity posture and reduce the likelihood of data breaches.
Leverage a Virtual Private Network (VPN)
A Virtual Private Network (VPN) enables remote employees to establish a secure connection between their work-from-home devices and the corporate network through a firewall. VPNs are easy to use, simple to set up, and offer a similar experience to working in the office.
Remote workers should never turn off the VPN as it secures their home network and prevents cybercriminals from intercepting sensitive information such as consumer data, medical records, and financial documents.
Implement Multi-Factor Authentication (MFA)
Remote employees need to balance security with ease of use to ensure maintained productivity. Multi-Factor Authentication (MFA) provides remote workers a secure, convenient, and simplified authentication process by requiring login criteria that the user already has or can easily access, such as their smartphone and fingerprint.
When MFA is enabled, users need to present three or more credentials, including their username, password, and a just-in-time response. A just-in-time response may be a physical token, a code sent via text message or email, or a biometric scan of their fingerprint or face. This added layer of security means that a password obtained through brute force or a phishing scam is not enough on its own to compromise a business’s security.
Cybersecurity Tips for Employees Returning to the Office
Due to the removal of COVID-19 restrictions, many SMBs are re-opening their offices and inviting employees to return to the workplace. However, many work-from-home employees have adopted poor cybersecurity habits that cybercriminals can exploit to gain access to sensitive company data.
According to a report, 56% of IT leaders believe their employees have picked up bad cybersecurity behaviors since working from home. SMBs that are starting to transition workers back into their corporate offices need a “back to work” cybersecurity strategy that addresses poor employee cybersecurity behavior to ensure data protection and network security.
Here are a few cybersecurity tips for returning employees to facilitate a smooth and secure transition back to in-person work.
Participate in Employee Cybersecurity Awareness Training
SMBs are refreshing their security policies and updating their employee cybersecurity training offerings to reflect new social engineering and phishing attack strategies introduced by the pandemic. Employees returning to in-person work should participate in any new and updated cybersecurity awareness training programs, including simulated phishing tests, to ensure they understand the unique risks associated with hybrid work environments.
Validate Computers and Mobile Devices with IT Departments
During the lockdown, employees may have installed software on their devices without the consent of IT personnel to help them maintain productivity while away from the workplace. Returning employees should turn over their computers and mobile devices so corporate IT or managed service providers can scan them for unauthorized apps and software. Unapproved software and apps pose significant long-term cybersecurity risks and need to be validated by IT departments or removed before employees access business servers to ensure network security.
Update Passwords Immediately
Strong passwords that use a mix of uppercase and lowercase letters, numbers, and symbols are a simple yet effective tactic for deterring cyber attacks and ensuring data protection. However, cybercriminals’ password-cracking abilities are becoming more sophisticated due to widely available cracking programs that can easily crack passwords by trying thousands of common passwords in minutes.
While working from home, employees may have unknowingly fallen victim to a phishing scam or social engineering attack and therefore fail to recognize the pressing need to update their compromised passwords. Before resuming business-critical operations, returning employees need to update their passwords and refresh their knowledge of password best practices to ensure the highest degree of cybersecurity.
Protect Your Data with Improved Remote and In-House Employee Cybersecurity
SMBs need to take the time to strengthen the cybersecurity capabilities of remote and returning workers if they want to protect their data, reputation, and profits.
Businesses should partner with experienced cybersecurity specialists to implement a layered cybersecurity strategy that includes a comprehensive cybersecurity training program. Providing remote and returning workers with the knowledge to mitigate and recover from sophisticated cyber attacks will ensure the security of hybrid work environments.