Businesses all around the world are affected by the coronavirus (COVID-19) pandemic. Companies are on their toes–finding ways to keep their business alive amid the lockdown. This has resulted in the drastic need to shift business operations on a remote setup and send their employees to work from home.
This new virtual work environment has driven people to rely more on digital tools such as Microsoft Teams, Cisco WebEx, RingCentral, and Zoom. While these applications are proven productivity amplifiers, they are also easy targets for hackers.
According to a recent report, Zoom has seen a tremendous 535% increase in daily traffic. It’s great news for the company, but they have also been criticized with security issues like video hijacking also known as Zoom-bombing where users reported hackers joining in their meetings and often shouts racial slurs and threats that have garnered the attention of IT experts and even the U.S. Federal Bureau of Investigation.
Advancements in technology are occurring at an increasingly fast pace. New technologies continue to emerge and improve functionalities of existing ones—increased adoption has led to an exponential growth of data breaches. According to the 2019 FBI Internet Crime Report, a staggering 467,361 cybercrime complaints were reported through the span of 2019 with a mind-boggling cost excess of 3.5 billion from the previous year.
As technology becomes more tied in our everyday lives, cyberattacks are soaring high into a billion-dollar industry. New functionality, features, and access ports open up loopholes for bad threat actors and hackers to enter and corrupt networks.
Issues like these bring in the importance of cybersecurity. We sat down with BlackPoint IT’s cybersecurity expert and Director of Service Delivery, Andrew Hutchison, to give you a few pointers on how you can protect your company against cyberattacks while working from home:
1. Establish a multi-factor authentication system
The first target savvy cybercriminals go after are your passwords and businesses should prioritize to protect them. Multi-factor authentication combines two or more unique credentials to add a layer of protection and make it exponentially harder for your accounts to be breached.
Users are more accustomed to MFA in the form of the one-time pin (OTP), which is often used in online banking sites. Other several MFA solutions for organizations:
- Physical tokens: This is something the user must generate a secure passcode. These are nearly impossible to break.
- Mobile phone: Adding an authentication application that delivers code to the user’s mobile device is often a quick and easy addition. Businesses need to be confident that the application is secure because we know mobile phones are also able to be breached.
- Biometrics: Another nearly foolproof way to ensure the identity of the remote user is by requiring a fingerprint, retinal scan, or facial recognition.
2. Virtual Private Network
Companies can also consider establishing a virtual private network (VPN). A VPN created an encrypted tunnel between your employee’s device and the company’s network–protecting IP addresses, online activities within digital apps, and exchanging confidential documents. It is also important to remind your employees to log off the company VPN before leaving their computers.
3. Employee training
The staff behind your operations should be trained against cyberattacks. According to a 2019 report from Verizon, nearly 1/3 of all cyberattacks involved phishing and tricking employees into visiting malicious sites. Victims who enter their credentials or download a file–unknowingly is ransomware–are big business for hackers. Employees are more susceptible to overlooking an extra letter in the URL or easily downloading a file from an untrusted source, which is often an easy trap for a cyberattack.
4. Cybersecurity awareness program
You can have all the flashy technology out there, but if your employees are naive about cyber safety—it’s useless. Employees often wear many hats, making it a need for them to gain permission on accessing all the documents available in the network. Especially in today’s Bring Your Own Device (BYOD) world, employees have the freedom to need documents from the company network. They should be ready to bump into threats and should be aware of how to handle them.
Lead your staff by training them with the security policies. It can simply be educating them on the importance of updating their password to do’s and don’ts when using public wifi. The possibilities of educating your employees are endless. Cybercriminals are becoming savvier and aggressive when deploying attacks. keep in mind that a cybersecurity awareness program is essential to keep your employees and company safe from cybercriminals.
4. Enable disk encryption and install antivirus and defense agents
Disk encryption and antivirus defense agents may sound a little old school with the new technologies emerging, but this program adds an extra layer of protection. Disk encryption helps you protect your information by converting it into unreadable code should an unauthorized party attempt to access it. While, antivirus and anti-malware defense agents protect the computer from incoming threats and seek out, destroys, and warns of possible threats to the system.
5. Ensure you have a firewall
One of the baseline defenses in a cyberattack is a firewall. Nearly any internet connection can be vulnerable to hackers without some sort of protection in place, and firewalls are designed to prevent unauthorized access to or from private networks. Your network’s firewall is the guardhouse of your IT. Firewalls allow companies to set up online rules for the users. For example, you can control the access to certain websites—blocking off illegitimate and dummy websites to be accessed by your employees. As cyber-attackers get smarter and aggressive, your firewall needs to have every network entry point protected. So, having dedicated personnel will help mitigate threats to ensure that your entire network is both efficient and secure against advanced threats.
6. Have a backup with off-site replication
While it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. It is important to have a solid backup solution. Storing data off-site or remote is another solution. It allows you to minimize the scrambling to retrieve your data should a breach occur. This way, if the original data is lost, damaged, stolen, or held ransom, then you always have access to another version. It’s better to have a recoverable inconvenience than a complete loss.
6. Regularly assess your network
For some, a network assessment only works at the start of enrolling in a new service. In fact, it also works even if you already have security solutions in place. A network assessment gives you a detailed report and analysis of your company’s existing IT infrastructure, management, security, processes, and performance. A network assessment is important as it helps you identify opportunities for improvement on your overall IT health.
These basic practices are just the tip of the iceberg. When you have these protections in place, it will allow you to operate with peace of mind each day and close your business off from cybercrime. You can also capitalize on contacting a managed IT security provider. That way they can help you widen your understanding of your current network infrastructure, systems, and processes.
Security management along with a work-from-home setup can entail a lot of work, but remember prevention is the first step in protecting your organization against malware and cyberattacks. Staying on top involves safety protocols in place to minimize risks.
To learn more, contact BlackPoint IT to get started, we have an extensive background in security operations, and our array of IT managed services from help desk to support will help provide the kind of security you need in your everyday IT operations.