Five Cybersecurity Best Practices for Small Businesses with Remote Employees
Currently, 3.9 million Americans work remotely,which marks a 115% increase from 2005. Estimates indicate that more than one-third of employees will work remotely in the next ten years. The desire for greater flexibility and work/life balance is partially responsible for this trend, in addition to an ever-increasing number of businesses that are based entirely online. With cloud and mobile technologies making it easier than ever before to communicate and collaborate regardless of location, organizations are embracing remote work as a way to cut costs and satisfy employee demand.
Despite the productivity and cost-saving benefits of remote work, the concept introduces serious cybersecurity risks that have the potential to devastate entire businesses. For example, if an employee logs on to their email via a coffee shop’s public Wi-Fi, that individual runs the risk of sending their work emails, customer information and other business data directly to hackers rather than to the Wi-Fi connection point.
Small and medium businesses (SMBs) are particularly vulnerable to remote work security risks, as they usually have fewer resources to prevent or recover from cyber-attacks proactively.
Here are five best practices that will help establish the proper level of control over cybersecurity threats.
Enforce Basic Cybersecurity Hygiene.An organization's cybersecurity is only as strong as its weakest link, and all it takes is one employee – even a well-intentioned one – to cause that chain to break. Enforce cybersecurity best practices such as using strong passwords, not sharing passwords across multiple accounts, implementing two-factor authentication (often free) and accessing sensitive files only from trusted devices and VPNs. Also, some simple and inexpensive employee cybersecurity awareness training can ensure employees are familiar with the most common and current attack schemes and educated on how to handle a situation if they think a cybersecurity incident has occurred.
Reign in 'Shadow IT.'Shadow IT refers to computer systems, applications or devices being used without explicit organizational knowledge or approval. For example, do any of your employees access their work email from their personal cell phone? Attempting to completely shut down Shadow IT isn't realistic, nor is it necessarily helpful to your business. However, it's essential to identify any apps or devices that could pose the highest risk. Clearly communicate which products or services are forbidden and explain why so your employees don't feel unjustly blocked and circumvent the rules. Also, consider putting processes into place that allow your IT team to quickly approve or disapprove new applications in which employees express interest.
Organize Back-End Technologies. Cloud-based apps can be a godsend for ensuring a seamless work environment for remote employees, and many also provide the invaluable service of backing up all of the data being generated outside an office's walls. Services such as G Suite or Microsoft Office 365, for instance, can allow employees to create, edit, organize, share and automatically back up documents, spreadsheets, presentations and more, no matter their location or device. Consider migrating some or even all of your file storage to a trusted cloud provider to optimize flexibility and more efficiently manage, secure and backup your business data.
Duplicate Storage.With its infinite scalability and relative affordability, cloud technology can be an ideal data storage resource. However, rather than relying entirely on the cloud or trusting your employees to only use secure cloud services with automatic backup capabilities, duplicate your most critical business data, so at least one copy is kept separate from cloud data centers and stored offline via encrypted backup tapes. This is an essential action to protect your business from the impact of a ransom attack, where a hacker blocks access to your systems or data until a ransom is paid.
Get Cyber Insurance.Cyber insurance is an important, final step for protecting your business against the dangers of employees working remotely. Considering the significant financial demands many SMBs face as a result of a security incident, look for plans that cover immediate business costs (e.g., lost revenue due to the interruption of business, ransom, regulatory or legal fines). Also, be sure to implement coverage that includes such crisis response services such as coaching and guidance on how to respond to a breach.