As a result of the spread of the new coronavirus, millions of workers across the United States have shifted to a work-from-home model. Now more than ever, protecting employees’ data and information is vital to business structures, overall bottom lines and the safety of valuable data and information. To brace against potential data breaches, business owners should implement straightforward measures to prepare for the new business unknowns that lay ahead.
Employers should advise employees to be cautious when using computers from home. Hackers have taken note that many employees are working remotely and will use this to their advantage. Unsolicited yet seemingly legitimate emails contain targeted coronavirus phishing attacks with malicious payloads that threaten the work-from-home employee. Where data and systems are vulnerable with lackluster firewalls or missing endpoint security protection, hackers can gain access with ease.
A simple way to prevent cyberattacks is to leverage a virtual private network (VPN) on all devices with a limited scope of access for the user to only the resources needed. Properly configured VPNs offer a secure connection, clear communication channels, centralized data management and give employees secure lines to the company’s server systems to hinder hackers’ access.
As an added layer of protection, multifactor authentication stops hackers in their tracks by requiring a second verification, usually via SMS text or authenticator app code, to log in. This simple step can prevent fraud and alert users when a login is attempted unsuccessfully. Employers should pursue opportunities to implement multifactor authentication on VPN connections and on all the program’s employees use most, such as business email accounts.
Effective password use is another simple step to prevent unwanted intrusions. Password entropy, the measurement of how unpredictable a password is, should be considered when crafting a strong password. Most users are tempted to make passwords short and easy to remember.
Encourage employees to not use the same password in more than one place and avoid passwords that they have used in the past. Employees should consider including at least 12-16 characters, blending upper and lowercase letters, numbers and special characters with a recommendation to consider even longer passphrases. To remember complex codes, password manager software offers centralized vaults, allowing users to store passwords safely in one common location.
Simple rules employees should keep in mind include rebooting the computer often to complete security patch installations, which ensure software remains up to date, lock one’s computer while not in use and follow the company’s protocol for backing up data regularly.
Companies also can enforce an automatic screen lock policy to make sure computers lock on their own. Watch for suspicious emails from unrecognized sources with phishing links or requests to open attachments. Many ransomware and credential harvesting attacks are launched through phishing emails.
Employees should be advised to avoid using personal computers for professional purposes. When personal equipment is used, businesses can’t offer the same protections, see the data history or maintain anti-malware software or advanced endpoint protection. As a result, data is made more susceptible to attacks.
These are uncertain times for all and adjusting to a remote workforce only adds to the uncertainty. Straightforward precautionary measures can help companies ensure important data is protected no matter where employees log on.