The coronavirus (COVID-19) outbreak has officially been categorized by the World Health Organization (WHO) as a pandemic, meaning infection is accelerating in multiple countries concurrently. The United States of America has declared travel bans on 28 European countries, many countries have closed schools and universities, and large gatherings of people have been stopped. Many of our states are shutting down with a “Stay At Home” order, like we are experiencing here in Ohio.
High-profile companies such as Google and Microsoft are encouraging or mandating that staff adopt a work-from-home policy. For modern tech companies, the infrastructure and policy needed for remote working are unquestionably already in place and the vast majority of staff members are probably already laptop users.
For many small and medium-sized businesses, the remote working infrastructure may be new and there might not be a policy in place already.
If you haven’t already spoken to us about setting up you and your employees to work remotely, reach out and we’ll be happy to help you through this challenging time. There are many things we can do to help keep your business up and running as much as possible.
Things To Help You Work Remotely:
In order to be productive, there are common requirements that all remote workers need, such as:
- A computer
- A good internet connection
- Chat and conferencing applications
- A dedicated workspace (preferred)
- Optionally, a phone
- Self-motivation and discipline
- A strict routine
Why is the phone optional? In today’s environment it may not be necessary, especially as most chat applications allow direct calling. The need for a phone may be a business requirement rather than an essential device.
Importantly, companies and organizations also need to prepare themselves and their employees for the increased cybersecurity risks associated with remote working.
Increased Cybersecurity Risks Associated With Remote Working
Companies also need to prepare themselves and their employees for the increased cybersecurity risks associated with remote working. Here are some of those challenges that need to be addressed.
Physical Security Of Company Devices
Employees will be exposing company devices to greater risk as they leave the safety and security of the workplace. Devices need to be protected against loss and theft with options such as:
- Full-disk encryption – ensures that even if the device falls into the wrong hands, the company’s data is not accessible.
- Log out when not in use – both at home and in public places. An inquisitive child accidentally sending an email to the boss or a customer is easily prevented, as is limiting the opportunity for someone to access the machine while your back is turned in the local coffee shop.
- Strong password policy – enforce passwords on boot, set inactivity timeouts, and ban sticky notes with passwords on them: people still do this!
- Never leave the device unattended or on public display. If it’s in the car, then it should be in the trunk.
What’s In The Home Technology Environment
Ask employees to audit their own home environment for vulnerabilities, before connecting work devices. There are continual vulnerabilities for Internet of Things (IoT) devices, and this is an excellent time for employees to take action on securing them with strong passwords and updating their firmware/software to the latest versions.
Consider promoting, or even mandating, the use of a connected home monitoring app before allowing work devices to be connected to home networks. The scan or monitoring will highlight devices with known vulnerabilities, outdated software or firmware, or default passwords that need to be changed.
Accessing The Company Network And Systems
Establish if your employee needs access to the organization’s internal network or just access to cloud-based services and email. And take into consideration whether the same level of access to sensitive data enjoyed on-site should be granted when your employees are off-site.
- If access to the organization’s internal network is needed:
- I recommend this is only achieved from an organization-owned device so that full control of the connecting device is under the management of the technology security and IT team.
- Always use a VPN to connect remote workers to the organization’s internal network. This prevents man-in-the-middle attacks from remote locations: remember that since you’re now working from home, the traffic is now flowing over public networks.
- Control the use of external devices such as USB storage and peripheral devices.
- Allowing access to email and cloud services from an employee’s own device:
- Enforce the same endpoint security policy for antimalware, firewalls, etc. as with an organization-managed device. If necessary, we can furnish your employees with a license for the same solutions used on the organization-owned devices.
- Limit the ability to store, download or copy data. A data breach can happen from any device that contains sensitive company data.
- Consider the use of virtual machines to provide access: this keeps the employee in a controlled environment and limits the exposure of the company network to the home environment. We can set this up as a superior longer-term solution if needed.
- Multifactor authentication (MFA ensures that access, whether to cloud-based services or full network access, is by authorized users only. Wherever possible, we can set-up an app-based system or physical hardware token to generate one-time codes that grant authenticated access. As there may be time pressure to deploy a solution, an app-based solution removes the need to procure and distribute hardware. App-based systems provide greater security than SMS messages, especially if the device used to receive the codes is not an organization-managed device and could be subject to a SIM swap attack.
Collaborative Tools And Authorization Processes
It may seem strange to put these two items under the same heading, but one can help prevent issues with the other.
- Provide access to chat, video and conference systems so that your employees can communicate with each other. This provides the productivity tools needed and helps employees to remain social with their colleagues.
- Use the collaborative tools to protect against unauthorized instructions or transactions. Cybercriminals will likely use the opportunity of remotely located workforces to launch Business Email Compromise (BEC) attacks. This is where a bogus urgent demand is sent by a bad actor, asking for the urgent transfer of funds, without the ability to validate the request in person. Be sure to use video conferencing/chat systems as a formal part of the approval system so that validation is made “in person”, even when remote.
Training For Cyber Attacks At Your Company
There are numerous Business Email Compromise (BEC) attacks, other email phishing scams, and COVID-19 scams in circulation, leading to face masks, vaccines, and disinformation. When employees are relocated out of the workplace and placed into the more casual atmosphere of working from home, they may consider clicking on links, as there are no colleagues who might see them watching that amusing video or visiting a webpage.
Cybersecurity awareness training can help employees minimize the risks for your company. If you’d like us to offer an awareness training session to help avoid the human element that cybercriminals attempt to exploit, please reach out and we’ll be happy to do so.
Support And Crisis Management
In the rush to provide remote access, don’t sacrifice fully protecting your company through cybersecurity or the ability to manage systems and devices. The ability to support users remotely will be essential to ensure smooth operations, especially if users become quarantined due to health concerns. If you or any of your employees encounter any unusual or suspect issues that could be the result of a breach, please contact us right away and we’ll be here to help. It’s important that your remote workers have clear communication protocols for any IT support they need and for crisis management.
Beyond technology and functional processes, there are other key factors to effective remote working:
- Communication – Consider having team calls once per day, brief people on the status, and give everyone the opportunity to share experiences and issues.
- Responsiveness – Remote working is not the same as working in an office environment. Establishing clear guidelines of how quickly a remote worker is expected to respond to a request depending on the communication type, email, Slack, calendar invites, etc. can help.
- Working schedule – Agree a method of clocking on and off, even if it’s as simple as a team group chat and members saying good morning when they start their day.
- Health and safety – Do the ergonomic keyboards in the office need to be taken home to provide the same comfort employees are used to? Working from home does not remove the responsibility to provide a good working environment.
- Liability – Ensure coverage for the company assets while in the employee’s possession.
- Tech support – Megatronics is available to you and your team 24 hours a day / 7 days a week during this time. Make sure your team is aware that they can reach out anytime they need support.
- Socialization – Bring remote workers together, particularly virtually. Social interaction is an important part of motivation and increases productivity. Consider a buddy or mentor scheme so that every employee is paired and can problem solve, vent, share or socialize virtually.
- Accessibility – Establish a virtual open-door management policy, just as there is in the office. Make sure people are accessible and can be easily engaged.
Don’t assume that everyone can switch to remote working effectively and with little assistance or guidance. Home is not the office and we know this can be a challenge for some. We are here to assist you and your team. Adapting to the changes in your new work environment can be difficult or frustrating at times — please let us know how we can help.
We’re in this together.