As a result of the corona lockdowns, life has shifted online – including work. More people are now working from home than ever before, with businesses scrambling to shift to a distributed workforce and to provide the infrastructure needed for remote teams.
However, one aspect has often fallen by the wayside: Security.
As things are, many teams are glad that communication and remote tools are functioning at all. Making sure that they are functioning securely is farther down on the list of priorities.
That can be perilous. Statistics show that in March alone, the number of cyberattacks rose by over 37% month-on-month. At the end of April, the number of cyberattacks tallied in at a stunning 445 million for 2020 so far.
Some industries, such as healthcare, have become particularly attractive targets for hackers. The WHO, for example, reported a five-fold increase in cyberattacks on it.
But any business operating online is vulnerable, and only 5% of companies’ data is properly protected. Companies are quite aware of this: 92% consider themselves at risk.
The consequences of a successful cyberattack can be devastating. On average, a data breach costs a company $3.92 million. The 2017 Equifax breach, which affected 150 million users, caused a whopping $4 billion in damage.
So what can you do to secure the operations of your remote team? Here is a comprehensive list of tools and strategies that will help you shield your online business life from attacks.
Make Sure Everyone Knows the Cyberattack Warning Signs
To minimize the danger and damage of cyberattacks, team members must be able to recognize both hacking attempts and existing threats.
According to IBM, it takes a whopping 206 days on average to detect a data breach. Now, some breaches are exceedingly hard to spot. But it is essential for your whole team to keep an eye out for possible threats – and to alert your IT immediately when they spot something.
Signs that your team members can watch out for that could indicate a breach include:
- A sudden drop in their computer’s speed
- No longer being able to control their mouses, trackpads or keyboards
- New programs appear that they did not install
- Persistent and suspicious pop-up ads that show up on their screens
Another threat that all team members should be aware of is phishing. Phishing messages are not just getting ever more frequent, but also ever more convincing – to the point where even Amazon’s Jeff Bezos got hacked.
Knowing how to identify a phishing mail, text or WhatsApp message will save your team a lot of trouble, as will knowing which precautions to take when receiving unsolicited attachments.
Find Your Weak Spots
Figuring out where you are vulnerable is the first step of securing your team’s tech against cyberattacks. A review of the tech you are using to connect is crucial.
Here are some common vulnerabilities a distributed workforce is struggling with.
Does your company still run a hardware-based virtual private network? Not only are such legacy VPNs under immense bandwidth stress right now, but they often also leave massive gaps in your security, exposing data and business applications. Now is the time to drop it and switch to cloud-based solutions, which are both safer and more flexible.
Many home Wi-Fi networks are insecure, especially if the equipment is a few years old. Unfortunately, chances are that most team members will be using such connections for work while the lockdown lasts.
That means it’s essential that your team members all take steps to secure their home Wi-Fi connections as strongly as possible.
Chances are, there is at least one person on your team who uses ‘password’ as their password. No. Shortcuts like that present a dangerous liability, now more than ever.
Putting in place minimum standards for passwords (using numbers, varying letter cases, and special symbols), as well as employing a password manager, and two-factor authentication for important services can fix this vulnerability.
Your Company Website
Your business website is your home. Make sure the doors are locked and the burglar alarm lives. Maybe leave a couple of Rottweilers out front.
It is essential that you secure your website well, especially if it offers access to sensitive data or a company intranet. That means doing a thorough audit of your website security, as well as installing additional security software, for example in the form of plugins.
Control The Hardware Your Team Uses
One easy – though not inexpensive – way to add to your remote team’s cybersecurity is to have total control over the hardware that is used. By providing it.
Establishing endpoint security – meaning that the laptop, tablet, or phone, on which business operations are conducted is secured – is easiest if they are dedicated to work.
As soon as team members conduct private business on a machine – from online banking to (illegally) streaming their favorite shows – the risk of malware finding a way onto that device grows exponentially. And so does the risk of your business being a target.
Supplying each team member with company tech to work from home might be a considerable organizational and financial investment. But security-wise it is definitely worth it.
Apply the Zero Trust Principle
A recent article in Forbes detailed that when it comes to cybersecurity, remote work should automatically work on a basis of zero trusts.
That means that on top of proper authentication, business operations are constantly being monitored to identify risky behavior right away.
Artificial intelligence is used to identify patterns of user activity on different applications, in different networks, using different devices, and at different times. If something out of the ordinary is detected – like attempting to access to a secure network in the middle of the night – it immediately gets flagged and stonewalled.
Choose the Right Tech, and Activate Security Settings
Choose remote work applications with high-security standards to ensure cybersecurity for your team.
Zoom, for example, did turn into the de facto standard for video calling. However, the company has been under fire for its often lax security settings, which have resulted in a wave of stolen credentials and of ‘zoom bombing’, with meetings being interrupted by uninvited participants.
To avoid such incidents – and the associated danger of valuable information being leaked – switching to more secure providers of Nextiva is an option. This also goes for other team collaboration tools.
Generally, it’s important to check that you have the maximum security protocols enabled on all your applications. Sometimes, additional levels like two-factor authentication are available, but need to be activated manually.
Use a Security Framework
Finally, an important step to sustainably ensure the cybersecurity of your remote team is to adopt a fixed security framework.
Time-tested and ready-to use examples of such frameworks can be found, for example, on the website of the National Institute for Standards in Technology (NIST).
Security frameworks basically coordinate which network your business has, what systems are being run on these networks, and which (sensitive) data is being produced and stored. They also keep track of which team members can access which platforms.
With the advent of the corona crisis and the surge in online activities, the danger of cyberattacks has increased.
Consequently, it is more important than ever to keep your security standards high. It is definitely worth investing the time and money to educate your team, choose the right tech and the right applications, and to put a cybersecurity framework in place.
So that at the end of the day, your remote team can be productive without fearing cybersecurity headaches.