It feels like we’ve entered a different world over the last few weeks. Businesses are closing left and right, school years are being cut short, and we’re all just trying to get by.
For many of us, “getting by” means working in new ways we haven’t experienced before. Millions of people are adjusting to remote work for the first time ever. While there are TONS of benefits to remote work for both employers and employees (greater productivity, happier workers), there are also lots of pitfalls to watch out for.
If our organizations are going to survive this strange and scary time of running our businesses from our living rooms or home offices, it’s going to require a lot of cyber security vigilance from both employees and your IT team, preferably a team who has deep cyber security expertise.
Last week, we discussed what CEOs are doing in the wake of these trying times, keeping business afloat while also making sure employees are healthy and able to complete their tasks. This week, we’d like to focus more on the functioning side of our new remote work lives.
Let’s talk about how we’re going to work without the typical office surroundings.
The 5 Basics for Securing Your Remote Data
1. Know where you're saving your data. When you’re in your office on your work PC, you don’t think much about hitting “Save” on your current document and moving on. The IT guys setup your computer a long time ago, and all of your work goes to one specific place.
(Hopefully you are not saving all your files on your desktop. Sure, that's the easiest thing to do but it's putting your data at risk. If your PC crashes or gets infected with a virus, all is lost. In most cases those files and folders are not backed up.)
If you’re working on a personal laptop or a different mobile device these days, you need to be aware of where your files are being saved. Maybe you’re using a VPN to connect to a server at the office. If you’re an Office 365 user, you’re hopefully aware of the benefits of Microsoft OneDrive.
Take a minute to figure out how to save your files where they really need to go. You may need to talk to your IT provider to configure your VPN or OneDrive settings properly, but this is time well spent! You don’t want to be searching for all of the work you completed remotely when you get back to the office!
2. Use MFA everywhere.There’s no getting around it anymore, you must use Multi-Factor Authentication (MFA) anywhere and everywhere you can.
From Facebook, to your online bank, to Office 365, every login needs to require a second form of authentication, usually through a text or email, to verify your identity. This way, even if your account information is stolen, the cyber thieves still won’t be able to access your data.
We’ve talked about MFA in our blogs quite a bit, but it’s for good reason! MFA is the absolute best option to keep your accounts and data safe. It’s hard to put a dollar amount on the peace of mind it will bring to your life.
3. Keep your operating system and all software up to date. We’re all getting so used to automatic updates on our phones and tablets, it’s easy to forget that if you haven’t previously configured it, your computer may still be relying on manual updates.
No matter which operating system you’re using, you need to ensure that updates are being processed automatically. Like everything else mentioned here, this will take a minute to configure, but once it’s done, you can move on knowing that you’ve protected your machine.
As for software, each piece of 3rd party software will be a bit different, but part of the beauty of cloud-based software such as Office 365, Adobe Creative Cloud, and QuickBooks Online is the automatic update feature that is enabled by default! Be sure to check the settings for any locally installed software and enable automatic updates.
4. Understand your camera and microphone settings. We're all doing a lot more video conferencing these days, and without some pre-configuration of your meeting software, you could accidentally share sights, sounds, or screens that are best left private!
Whether it's Zoom, Teams, or another app, take some time to configure screen share, audio, and video settings. Also, make sure to end every meeting and close out of the software before you move on to your next task.
Don't be that guy with the mic left off of mute, unintentionally distracting everyone while the boss is presenting! Get comfortable with the software on your own before the meetings start. Learn the basics, like how to mute, screen share, and use the chat functionality.
5. Be mindful of phishing attempts. Phishing attempts are on the rise again. Cofense has a great piece discussing the alarming growth of phishing attempts surrounding the coronavirus.
Inside, they cover new emails they’ve seen out in the wild appearing to be sent from the CDC. If you do receive an email from the CDC, but weren’t expecting one, be hyper-vigilant before opening the email and ESPECIALLY before clicking any links. Has the CDC emailed you in the past? This would be a strange time for them to start emailing you now!
Some things to look for when you suspect any email to be a phishing attempt:
- Misspellings in the email address
- Non-matching URL displayed when hovering over a link
- Grammatical errors
Take a look at our guide "Understanding Covid-19 Phishing Attacks" for more information on what to look for and how to protect yourself!
Untrained Employees Are Our Greatest Weakness
Phishing really is one of the greatest threats to both business and personal data today, no matter where you’re working from. Successful phishing attempts will lead to ransomware demands that many simply can’t pay.
The scariest part of all is the fact that no mail filter will stop every phishing attempt that comes in.
Every single phishing attempt requires end-used action to be successful.
This means someone has to click on a link to install malware, or enter their login credentials on a fake website to have their account compromised.
Without action, a phishing email is just text. Phishing prevention training and heightened awareness are the only things keeping malware and ransomware from destroying our data.
An Ounce of IT Security Prevention is Worth a Pound of Cure
While some companies were prepared to work from home, many others were forced very quickly to have everyone working form home.
Be sure to go through the simple steps we listed above, and stay alert of new phishing email trends as they come up. Data security is always important, but now that we’re all remote, it means employees must be more vigilant than ever!
Reach out to us if you're looking for help in getting your remote staff properly set up for secure remote access success, and be sure to download and share our guide "Basics of Securing Your Remote Data".