VPN stands for Virtual Private Network and is the safest remote connection. It creates an encrypted tunnel between your remote device and the servers and files at work. Windows 10 and Mac OSX have built-in VPN setup capabilities, however, you need a VPN service based on your type of business servers. This is a nice step-by-step article recently published by CNET regarding how-to for Windows: https://www.cnet.com/how-to/how-to-setup-a-vpn-on-windows-10/
Your employees must use 2FA (Two Factor Authentication) to access business applications. We recommend 2FA whether you are in-office or remote, also use strong passwords, like passphrases that are greater than 10 characters in length. Make sure your workstation has current patches and updates for the OS (Operating System), Web Browser and Adobe PDF Reader. Also, it is vital to have Anti-virus (AV). Windows 10 comes with Windows Defender as a free option. AV and patching are more of an issue if the remote worker is using their home computer and not a business computer that is monitored.
The best method is to provide the employee with a laptop managed by the office. If the servers are at the office, IT can and needs to monitor those remotely. If your business is used to having staff present 24/7, consider a physical security option – alarms, cameras, etc.
Any topic that becomes “hot”, like the pandemic, working remotely, toilet paper will attract cybercriminals, so be suspicious of any unsolicited offer. Unfortunately, there are several phishing emails and malware websites identified as cybercriminals trying to capitalize on the COVID-19 pandemic. The best advice is to avoid all unsolicited emails or websites and only trust sites provided by the government. Nationally, an excellent site is the National Governor’s Association site: https://www.nga.org/coronavirus/.
Your staff will most likely experience new applications and ways to communicate. Not knowing how to use microphones and cameras with remote meeting software can lead to ineffective meetings or embarrassing situations. Your staff may need training on new tools and need help setting up their VPN or 2FA.
Microsoft Teams and Zoom are two very popular and mature options. As with any software, setting it up correctly and making sure the users understand how to use it correctly is vital for success. Also, the meeting organizers must ensure the invitations are sent to the intended participants.
Using a consistent process and application across the business it important and lets you keep control of business files. Make sure employees know what service you are using, like Microsoft Sharepoint, OneDrive or Dropbox and how to properly access files and save files. Encrypted email may also be needed to maintain compliance if you are sharing protected/sensitive information (ex. HIPAA Guidelines). DO NOT save files to the local computer because your business may lose control of the file and likely it will not be backed up. If your employee is not well-trained, we guarantee they will save files to their computer.
You will want employees to save all data to a location on the company network, like a file server, or a specific location on the internet, like Office 365. You need to maintain control of your data and back it up regularly to avoid further interruptions to your business continuity.
Since working at home comes with a new set of office mates, make sure your kids and guests understand your computer is for work and should not be shared. Log off all business applications and web sites at the end of each workday and lock your computer whenever you walk away.
If you are not already doing so, it’s a great time to add Cybersecurity education to your mandatory workforce training. We have a great online training platform to make the process easy to push out to all employees.
Thank you, Joe! That was timely and helpful information.
At The AME Group, we take our own security seriously and can help guide you to make the most cost-effective decisions to boost your business’ cybersecurity maturity.