With more remote employees, COVID-19 has forced small businesses to change how they conduct business. However, many small companies aren’t updating their cybersecurity policy.
Improving cybersecurity might cost money, but it will be worth keeping your business afloat. Protecting yourself is often as simple as implementing a few smart policies, and using the right security tools.
Update Your Policy
If you have remote employees, you need to implement a policy that acknowledges the unique security risks of working from home. First of all, employees won’t be behind a company firewall, and might not have company security software running on their systems.
Require that employees access company data over a private network — anyone who doesn’t have access to a home network should be required to work onsite, where they can access a secure connection. Public connections, like those in coffee shops or libraries, might not be available anyway, and if they are, they’re not safe — hackers can jump on them to access your data. Clarify that employees shouldn’t save company data to their personal devices, including storage like flash drives, personal cloud storage, or personal email. All of these are insecure places to store data.
Use the Right Tools
Software solutions are available to give you and your employees the tools you need to stay secure while working in a challenging situation. Employees can use a Virtual Private Network (VPN) to access your company’s internal network and even use a virtual desktop there, which provides both storage solutions and an extra layer of security.
Employees will also need endpoint security, including anti-malware protection and firewall protection. Advanced threat protection will include security for endpoints and other network devices and email, as well as malware protection. The best-advanced threat protection offers real-time monitoring to catch breaches and other attacks before they do too much damage.
Train Your Employees
Of course, employees will need regular security check-ins to make sure their security features are optimized. However, they’ll also need additional training in cybersecurity, especially as everyone is on-edge and stressed-out at the moment — in other words, employees are more likely than ever before to be in the perfect state of mind to fall for a phishing email or other social engineering tactic. Regular training, even if it’s just videos and online quizzes, will help keep employees on their toes, and will maybe help you single out individuals who need further attention.
If you can, it’s safest to supply your employees with the devices they need to work from home. It’s fairer to the employees, who may otherwise have to use old or underpowered equipment or scramble to come up with what they need on their own. But it’s not just about fairness — you have much more control over what happens on company devices, and you can, at least in theory, keep employees from using them for personal stuff. This can help keep hackers from compromising your company data since you don’t know what emails your employees are answering in their downtime, or which questionable websites they might be visiting. Their personal devices could already be compromised.
Small businesses may be struggling to find funds or staff to address evolving cybersecurity concerns. Small businesses already make up 43 percent of cybercrime targets in the U.S. In 2019, data breaches cost small businesses an average of $200,000, with 60 percent of those attacked going out of business within six months.
The COVID-19 pandemic has been dangerous in all kinds of ways, some more predictable than others. Make sure your company is aware of the dangers COVID-19 poses for your cybersecurity, so you protect yourself on every front.