Pivot! (Again). It doesn’t seem that COVID-19 is going away any time soon, and businesses are beginning to make working from home more than a temporary solution to adjust to the new climate. Many of us have turned our spare bedrooms into offices, but at some point we have to go back to the office. Kind of. Enter the Hybrid Model: one where the workforce splits their time between working at the office and working remotely. We’ll be spending half our time in a home office, the other half at the work office. What could possibly go wrong? The risk of a cyber attack is all but guaranteed. In this article, we’ve outlined some key technologies and tips for keeping your business safe during these uncertain times.
As businesses begin to take steps to return to workplace normalcy, the hybrid model is going to gain popularity. The tech needs of a hybrid workforce are very similar to a fully remote workforce.
Setting Up Your Home Office
When putting your home office together, there are some key things to do to make sure you stay safe and productive while remote.
Find a working space that is separated from your home life. You’re less likely to be distracted when you have a dedicated space for work. Your new home office should be in a room you can lock when not in use to limit the chance of a family member accidentally using your work computer. They may mean well, but all it takes is one wrong click to infect your work computer with malware that could be transmitted to your network.
Your work devices should be password protected as another layer of security against unauthorized access. In the hybrid climate, employees will be moving their computers between home and office, and the possibility of losing a device or having it stolen are drastically increased.
Needless to say, good password hygiene is necessary to keeping your systems and data safe:
- Don’t use the same password across multiple accounts
- Never share your passwords with others
- Longer passwords with multiple letters, numbers, and characters are more difficult to guess
- Use a reputable password protection software if available
Remote Work Security
Having a hybrid workforce presents many unique cybersecurity challenges to overcome as a small business. With employees using their personal devices at home, your work network is more vulnerable to threats than the traditional working model. Having multiple layers of security is the best defense against breaches. Here are some of the layers of cybersecurity you should have in place to lower the risk that having a hybrid workforce presents:
VPNs. A VPN creates a secure, encrypted “tunnel” of information between your computer at home and your work resources. Without a VPN, hackers can intercept information being transferred, leading to stolen passwords, credit card numbers, and leaked sensitive information.
Multi-Factor Authentication (MFA). Two-factor or Multi-factor authentication may be the “bang for your buck” as far as cybersecurity goes. Password based authentication is the primary method for many logins, but passwords are stolen all the time. It’s unlikely that a hacker will be able to grab your password AND your fingerprint, so using 2FA or MFA whenever possible goes a long way in maintaining the integrity of your security.
Encryption. Encryption takes plain, human readable text and transforms it into an unreadable format. It usually uses a “key” to lock and unlock the data. Encrypted data without the correct decryption key is useless to anyone who tries to read it. Even if a hacker manages to breach your network and get to your sensitive files, the data will be unreadable and useless them.
Firewalls. Limit, or even eliminate, unwanted connections to your computer by using a firewall to close unnecessarily open ports and services. A good firewall can be programmed to allow certain, wanted connections (like screen sharing and authorized remote desktop) and block all other connections.
Antivirus. The most basic protection you can give yourself is antivirus software. It detects, quarantines, and deletes files that have been recognized as malicious, keeping your computer safe from invisible attacks. Most computers have some form of antivirus installed, but the big problem is when they go out of date, leaving you vulnerable. Always keep your antivirus up to date to keep yourself protected from the newest threats.
Phishing Training. Phishing is when a hacker uses email to pretend they’re someone they’re not, trying to get sensitive or valuable information from an unsuspecting person. Phishing is the most common, and most successful tool at a hacker’s disposal when trying to breach a network. Make sure you and your employees are trained to understand the anatomy of a phishing email and how to respond when a phishing email reaches their inbox. Ransomware and other malware is usually transferred through malicious links and attachments in phishing emails; a little bit of training can potentially save your organization hundreds of thousands of dollars in business disruption costs and decryption key ransoms.
- Backups. Back up your data. While many of these security measures are aimed at preventing a security breach, the truth is there is the likelihood a cyberattack will be successful. If someone inadvertently clicked a malicious link, having your data backed up in a secure location will limit the time it takes to get your business back up and running after an attack. If you have critical data backed up, an attacker loses leverage with the threat of destroying your data.
Home WiFi Security
Shifting your workspace to your home means your router is now your most important device. The consequence of a hacker breaching a home network is that now if they get in, every personal device on that network is in danger of having data stolen. With ransomware on the rise, this could mean losing pictures, sensitive information, and personal documents along with the files on your working computer unless you pay a hefty ransom. These are some of the best ways to increase the security of your network, and prevent hackers from stealing your information when working from home:
Use WPA2 or WPA2-AES if available and put a password on your WiFi connection. The password will keep out unwanted connections, and will allow you to monitor who is allowed to connect to your network. The password should be complicated, containing at least 12 characters utilizing upper case and lower case letters, numbers, and symbols.
Change the default router administrator credentials. Most of the default admin credentials for popular routers are posted online as common knowledge. You don’t need any technical knowledge to access the router, a simple Google search is all you need to update the default credentials.
Change the network name to your home network. Make it something generic and non-identifiable to you or your home. It should go without saying, but don’t try to challenge hackers with the new network name (naming it “try and hack me” is not considered best practice). Once you change the network name, disable the SSID from broadcast.
Separate your home network from your work network. Being on a different subnet from your family will give your work computer another layer of safety from malware that searches the network for more targets to infect. Instructions on how to do that, and more, can be found here.
With employees moving back and forth between the office and home, having a cloud-based file sharing system is going to be essential. Popular services such as Box and Dropbox give small businesses an affordable solution for file sharing no matter where your employees are working.
A collaborative workplace application like Microsoft Teams or Slack offer all-in-one solutions for hosting a virtual workspace. They integrate with many common productivity applications, and offer instant messaging and video conferencing solutions to keep your business running smoothly no matter where your employees are.
These programs are considerably safer than the alternative: the archaic method of emailing sensitive documents back and forth. These applications can provide a safe working space for your employees to continue to contribute and collaborate, no matter where they are working from.
The shift to WFH and Hybrid models has made cyber-attacks more dangerous because now, not only is your work environment at risk, there is also an increased threat that a hacker will steal the data on your personal computer. By following these tips, you can help keep your personal and business data safe from the prying eyes of a would-be cyber criminal looking to cash in on the shift to WFH and Hybrid work environments.