A Guide to Maintaining Digital Security in Times of COVID-19
Working remotely has become the norm since the advent of the coronavirus has resulted in a lockdown. But this trend in business operations shows no sign of letting up once the lockdown has ended.
This brings into stark relief the importance of maintaining high levels of cyber security for businesses and their employees working in remote locations. A study conducted by DSA Connect shows that there has been an 8% increase in access to confidential data by remote workers. 6% of those working from remote locations say that their restrictions have been decreased.
These figures say one thing, businesses are taking greater care in who is permitted to access confidential data. This information is confirmed by other metrics as well. According to NEXOR, the UK-based cyber security provider, Google search queries for 'cyber defense' increased by 126% between January and March 2020, which is an increase of 116% since March 2019. Google searches for 'cyber security services' increased by 44% and the search 'how to install VPN' increased by 40%.
Despite rising interest in maintaining a high standard of cyber security, Kaspersky only about 34% of all businesses is taking measures to ensure that their employees are kept updated on security measures necessary to keep their devices safe from threats. On a related note, research from Tessian shows that over 50% of remote workers feel more confident about riskier behavior when working remotely.
So, let's take a closer look at the various cybersecurity solutions to keep your business data safe while your staff works remotely.
1. Use a password manager
This would be a good time to review how passwords could be created and applied throughout your company. Your staff may use low-strength passwords or the same password across a variety of passwords, to ensure they don't forget any. But this type of shortcut can place the security of the company at risk and it makes it easy for hackers to figure out login codes.
This is a good place to keep a password manager. These devices can store a password securely and generate strong passwords as needed. If multiple team members will need to login into the same account, they will be able to share passwords safely with team members. This is far safer than sharing sensitive information over an e-mail message and risking it being opened and read.
2. Ask staff to encrypt their home WiFi
With so many of your employees working from home, it is a good idea to remind them to encrypt their passwords. To begin with, they should change the default passwords as these can be easily hacked. 'Admin' is one example. Remember that this is not the password that will allow access to the network, it is the password that allows settings and configurations to be adjusted.
This is mainly a concern for those using older routers, but it may make a big difference to your security so it is worth mentioning.
3. Introduce two-factor authentication (2FA)
If you have used banking apps, then you will be familiar with 2 Factor Authentication (2FA). This means that the person logging in will need to provide two different access codes or identification forms to gain access, this could be a password and a PIN. This adds another layer of security to an already formidable security system. If you don't want to use codes and passwords, you can take advantage of the Authenticator Software solutions provided by Windows and Google. This will send a notification to the administrator's phone and access can be permitted or denied.
There may be some situations when 2FA is simply not an option. In this case, other software solutions can be applied to improve your business security. Biometric identification is one such option. One-time passwords can only be used for a single transaction and can be revealed on a device. An alphanumeric code will be sent to the device of the employees seeking access and the passcode will only be valid for that single session. This is a good option if you will be working with freelancers and casual staff.
Biometric authentication uses the physical aspects of the user to permit access. This could be the voice, face, or fingerprint. This is a security option available in many laptops and can allow these biometric systems to be used remotely.
4. Be scam savvy
Scams have risen since the beginning of the COVID-19 lockdown. Action Fraud has reported more than 200 phishing scams related to Coronavirus.
Most of us like to think that scams are an old trick and we would never fall victim to such primitive ploys. Nevertheless, a test was created by Computer Disposals Limited to gauge the capacity of the average fellow to detect a scam and only 5% of all UK test subjects could detect every scam. More than 2% got most questions wrong and most are more than likely to fall for any of the most common Facebook scams. Oddly enough, most of the people who completed the test reported that they were always suspicious of online communications. This is why it is so important to educate your remote workers on how to detect a scam, so they can keep themselves from making security risks unintentionally.
5. Train your staff
Training will go a long way in keeping your staff aware of the importance of online security and can also boost your security considerably. First, make sure that your employees are fully aware of how to use the programs and software applied in your operations. Assign training courses as needed to ensure all are up to date with the software and information. But you do not want to overload your employees with too much extra information.
Reinforce staff responsibilities, like what to do if a cyber threat is detected. Be sure that you maintain a blame-free environment as this will facilitate honest communications.
6. Employ a Virtual Private Network (VPN)
A VPN will allow you to maintain a completely private network where you will be able to send and access all the files and emails moving back and forth throughout your operations. Data that is passed back and forth online will always be encrypted and browsing will be completely anonymous.
VPNs can also be used to hide the IP location of the user and can keep all information in transit hidden from prying eyes.
7. Outline steps to protect data in all locations
This is one thing that can't be emphasized enough. Make sure that your employees are keeping updated with all the patches and back-ups as requested and scheduled. Patches will help shore up vulnerabilities and keep you generally safe from hackers. These updates will be made on schedule so it is worth informing your employees when a new update is scheduled.
Even when they are in the safety and security of their home, remind your employees to keep their laptops locked uptight. It is also a good idea to assign some guidelines concerning the online activities that employees can and can't do while online using company equipment.
Finally, think about the tasks that your employees will be carrying out from their devices and remote locations. Consider what platforms will make it easier to perform these functions and provide the greatest security to your team. This can be reinforced with a BYOD policy that clearly points out the areas that will require improvement.