The COVID-19 pandemic has changed the way businesses operate. Companies across the country are grappling with how to keep employees and customers safe while maintaining operations. Adapting to an ever-changing environment means that more employees are working from home. BlackPoint IT’s cybersecurity expert, Andrew Hutchison, shared his cybersecurity tips for remote workers who have been thrown into the world of virtual offices.
An Interview with Andrew Hutchison
BlackPoint IT: How are organizations adapting to the current environment?
Andrew Hutchison: Business executives know they will be dealing with the impact of the pandemic for months to come. Universally, safety is the priority. The immediate first step many organizations took was transitioning to a remote work environment. It isn’t easy when you move from about 20 percent of your workforce being remote to 80-90 percent. Depending on the business type, some organizations have moved to a completely virtual workplace. Health centers and other essential businesses are also facing increased challenges with escalating demand for their services and the need to limit onsite staff whenever possible.
BlackPoint IT: What do businesses need to know about the cybersecurity landscape in the current environment?
Andrew Hutchison: Unfortunately, COVID-19 isn’t the only virus businesses need to be vigilant against. Quarantines have made people more reliant on digital communication tools like Microsoft Teams, Cisco WebEx, RingCentral, Zoom, and others. These applications are great productivity boosters, but also a target for hackers. It isn’t just video conferencing that has exploded. Globally, overall internet traffic has spiked with more people working from home, trying to attend school, or just entertaining themselves. Hackers are opportunists. More people online offer more targets. For those new to remote working, cybersecurity might not be top of mind. The bottom line is in this new environment, the threat level for companies has been raised.
BlackPoint IT: What is the most important thing businesses can do to protect themselves from being breached through a remote worker?
Andrew Hutchison: Multi-factor authentication (MFA) is the first step businesses should take to protect themselves. For savvy cybercriminals, passwords have become easy to hack. MFA combines two or more independent credentials, adding another layer of protection that makes it exponentially harder for accounts to be breached.
One of the misconceptions about MFA is that it is overly complicated for businesses to maintain and users to manage. There are now several different MFA solutions for organizations of all sizes. Most consumers are accustomed to entering their password to an online banking site and being sent a code to their mobile phone that they also enter to gain access. This approach is gaining popularity, but it isn’t the only MFA method.
- Physical tokens: This is something the user has to generate a secure passcode. These are nearly impossible to break.
- Mobile phone: Adding an authentication application that delivers a code to the user’s mobile device is often a quick and easy addition. Businesses need to be confident that the application is secure because we know mobile phones are also able to be breached.
- Biometrics: Another nearly foolproof way to ensure the identity of the remote user is by requiring a fingerprint, retinal scan, or facial recognition.
BlackPoint IT: What else should businesses consider to bolster cybersecurity with remote workers?
Andrew Hutchison: MFA is one of the essential elements to secure remote workers, but it isn’t the only thing. Establishing a virtual private network (VPN) creates an encrypted tunnel between the employee’s device and the company network. The employee’s IP address and online communications are then shielded from prying eyes. Without a VPN, a hacker could potentially capture the employee’s login information, what applications they are using, or read confidential documents being transmitted. It is important to also remind employees to log off the company VPN before they leave their computer.
Another important step in cybersecurity is employee training. A 2019 report from Verizon showed that nearly 1/3 of all cyberattacks involved phishing. Tricking employees into visiting malicious sites and entering their credentials or downloading ransomware is big business for attackers. Busy, stressed employees can easily overlook an extra letter in the URL of a website or believe that their boss is asking them to download and review a file. If you add these common tactics to a time when employees are constantly being asked to operate in completely new ways, you can imagine how easy it is for criminals to execute their schemes. Taking a little extra time to make sure employees know standard operating procedures while people are remote can save you down the road.
BlackPoint IT: So, the top three things businesses should consider for cybersecurity with remote workers are multi-factor authentication, VPNs, and employee training. Is there anything else that needs to be emphasized for those adjusting to more remote employees?
Andrew Hutchison: Let’s face it, these aren’t easy times. The number one priority has to be keeping employees, customers, and the broader community healthy and safe. Unfortunately, while organizations are focused on that critical initiative, they also have to keep their eyes on cybersecurity. MFA is one of the most significant safeguards, followed by creating a VPN and training employees on what to watch. In the training category, we recommend placing extra emphasis on the password policy. You’d be surprised how often “Test1234” is still used. There are other things companies can do, like creating backups and ensuring the software on all employee remote devices is updated. It comes down to making sure your organization is thinking about the risks and taking steps to mitigate those.
The good news is that the investments businesses make now to improve the cybersecurity of their remote workers will continue to be beneficial long after COVID-19 is gone.
Additional Cybersecurity Tips for Remote Workers
To summarize Andrew’s thoughts, three of the best things businesses can do to improve cybersecurity are these:
- Multi-factor Authentication (MFA): Adds another layer of security on top of using a password
- Virtual Private Network (VPN): Creates an encrypted connection between an employee’s device and the company’s network.
- Employee Training: Teaches workers how to recognize and avoid potential scams, as well as best practices for cybersecurity.
With that said, there’s still plenty more that can be done to avoid phishing, malware, and other cyber threats. Here are some additional tips companies can take to improve cybersecurity for a remote workforce:
Using Stronger Passwords
Andrew touched on this a little in the interview above. As part of their employee training, workers should be encouraged to use and create better passwords for their accounts.
A surprising number of people still use common phrases for passwords like “mypassword” or “test1234”, which are predictable and easy for cybercriminals to hack. Here are three ways you can build a stronger password:
- Create longer passwords: We’d recommend using at least eight characters. But the longer the password, the better.
- Use a mix of letters, numbers, and symbols: Throwing random characters and capitalizing will make the password harder to break.
- Don’t use the same password for all your accounts: We’ve all done it before, but this is a huge security risk. If someone breaks into one of your accounts, there’s a good chance they can break into your others.
Keep Software Up To Date
Don’t ignore those little alerts that say the latest update is available. Updates to apps, anti-virus software, and operating systems often patch up security flaws, making them crucial to your cybersecurity.
A great way to make sure all your software stays up to date is by enabling automatic updates when possible.
Data can be lost in any number of ways due to cyberattacks, employees falling for scams, or by simple human error. Entire systems can be wiped clean in an instant, which is why it’s vital to create backups of all your information.
You can use physical hardware to backup your data. Or you can create backups using cloud services and access your data remotely.
Keep Business and Personal Devices Separate
This is especially necessary if employees use business-issued devices like laptops or smartphones. Employees should use their business devices purely for business-related purposes and avoid working from personal computers.
For example, if an employee works from their own laptop, they risk putting out sensitive data without the proper security measures provided by the company.
Never let friends or family members use company devices for personal tasks like banking, paying bills, or streaming movies and television.
Work with Cybersecurity Experts
One of the best ways to keep your company and your workers safe is to work with certified cybersecurity professionals. BlackPoint IT offers advanced cybersecurity solutions for any business, including cybersecurity for a remote workforce. Contact us today and schedule a free cybersecurity assessment for your business.
Andrew Hutchison is Director of Service Delivery, responsible for BlackPoint IT’s cybersecurity. Based in BlackPoint’s Seattle, WA office, for nine years and with many more years of experience as a cybersecurity consultant. For more information talk to a BlackPoint IT expert.