With thousands of Australians now working from home due to COVID-19, we need to be aware of the high risks of sending sensitive company data over unsecured home networks. This will be a field day for hackers, who will be taking advantage of the basic, generic passwords used on most home networks and devices.
Office environments tend to have stronger security systems such as up-to-date firewalls that cannot be easily breached. There is also more effective monitoring since everyone is working from the same network.
This same level of security is not found in most home office settings. Some of the most important things remote employees can do to stay protected from hackers are to use strong, unique passwords (including for your home internet), encrypt data on your devices (phones, USBs, external hard drives) and keep all your software up-to-date.
Consider this: it only takes one mistake to cause a data breach, often by clicking on a malicious link or downloading a corrupted file. Even one cyberattack can cause irreversible damage – in fact, 60% of small to medium businesses do not recover and shut down within 6 months.
8 cybersecurity best practices for remote employees:
1. Use strong passwords and two-factor authentication
Company and personal accounts that have a simple or reused password are the easiest to hack. Creating a unique, complex password is essential to improving cybersecurity. A strong password contains at least 12 characters and includes numbers, symbols, and upper and lowercase letters.
Many businesses have adopted two-factor authentication (2FA) as a highly effective method of securing their accounts. When logging into an account, the user is required to enter both their password and a verification code sent to their phone. Research shows that 2FA prevents 90% of hacker attacks by requiring the user to prove their identity in two ways.
2. Enable firewall protection
Using a firewall for your home network is the first line of defence that protects your data against cyber attacks. Firewalls prevent unauthorised users from accessing your company mail services, online databases and other sources of information that can be accessed from the web.
3. Connect to secure Wi-Fi
Ensure that your Wi-Fi networks are hidden, secure, and encrypted. If you need to connect to a public Wi-Fi network, use a virtual private network (VPN) to keep your information private, because sensitive data is at higher risk of being intercepted on public Wi-Fi networks. Remote employees also need to be wary of free VPN services, which are becoming more and more common. Many of these free VPNs are not secure, and the companies behind them may actually be using your data for their own purposes. Our IT consultants at Insight IT can help you select a trusted and reliable VPN service for your remote work setup.
4. Update your systems regularly
Antivirus and other security software are frequently revised to account for new types of cyber threats. These revisions come in the form of “patches” which you install as updates on your device. Promptly installing the latest updates on your security software, web browsers, and operating systems helps you to stay fully protected. Here are a few effective ways your business can maintain an up-to-date IT system:
- Keep a running inventory of every IT asset as well as their patch versions (including software being used by remote employees)
- Check hardware and software developer websites for critical updates
- Use patch management tools to automatically install the latest updates across company software and devices
- Conduct regular scans for viruses and other cyber threats, especially after major changes to IT infrastructure
- Remove outdated, unused files and software
5. Back up your files
Many cyber attacks cause the loss or corruption of data that is essential to the running of your business. Always back up important files to stay protected against a data breach or malware attack. There are several data backup options, such as external hard drives, local servers or remote cloud storage.
It’s best practice to use the 3-2-1 backup strategy, in which you keep at least three copies of important files. Your files are saved in at least two different physical locations, with at least one of those locations being offsite. Having multiple copies prevents you from losing everything.
6. Set access restrictions
Limit employees and third parties to accessing only the files and applications they need to do their jobs. This minimises the likelihood of privacy breaches, unauthorised installations and other insider threats. Employees also need to follow the company’s policies on how confidential information is stored and used.
7. Avoid suspicious emails, files, pop-ups, and links
Phishing is a common type of cybercrime in which the attacker poses as a legitimate person or organisation to obtain sensitive information such as passwords and credit card details. Phishing attacks often result in serious financial losses and damaged reputation for businesses.
As a rule, you should never enter personal or company information in response to an email, pop-up webpage, or any other form of communication you didn’t initiate. Avoid clicking on links or downloading files from a suspicious source. If you are unsure about the legitimacy of any communication you receive, you can talk to Insight IT to receive advice.
8. Talk to your Managed Services Provider
Even when your business and remote workforce have advanced tools and policies in place for cybersecurity, there is still the risk of human error. It is common for employees to become complacent at some point, which means they stop following best practices.
Partnering with a Managed Services Provider is the ideal solution for businesses with limited IT resources. An experienced MSP like Insight IT will proactively prevent cyber threats or mitigate the damage if a breach does occur. Here are a few key security services offered by Insight IT:
- Ensuring that all devices are updated with the latest antivirus and other security software
- Applying program updates when new versions and fixes become available
- Installing operating system updates on a regular schedule that you can configure
- Assessing your current IT system to identify any vulnerabilities and security issues
- Constant, remote monitoring to promptly detect and address cyber threats
- Advising businesses on how to mitigate security risks during day-to-day activities
If you have any queries or issues regarding IT security, don’t hesitate to talk to our experts at Insight IT. We will work with you to create and implement a robust cybersecurity plan to fully protect your business.