- April 13, 2020
- Posted by: Chad Gniffke
- Categories: Network Security, Small Business
These days you can’t go more than 20 minutes without hearing words like “unprecedented”. While it may sound redundant at this point, these truly are unprecedented times.
Never before has so many companies been faced with the daunting task of having most, or even their entire workforce work from home. It seemed almost overnight that we were suddenly supposed to know how to allow everyone to work from home, even if the company’s environment wasn’t set up to work like that yet.
It has been a few weeks now, and most businesses are getting the hang of this whole working from home thing. However, in a rush to make it work, many companies seemed to forget that security was also an important component to this equation.
Best security practices were ignored as business owners just tried to make it all work. Now that the immediate crisis is over, and people are able to keep up their work from home, it’s time to go back and make sure you are using good network security practices to keep your business data secured.
It is even more important to have your network security in mind since most businesses are unable to set restrictions and controls on all of the computers and environments that are accessing the business network.
Using 2-Factor Authentication is one of the most important things you can do to help protect your business’ data and network. Many successful phishing attacks can be thwarted with 2FA.
If you or your employees unwittingly give away login credentials, they will be notified that someone else is attempting to login to their account when they get the 2FA notification on their phone or device. This makes 2FA a very strong first line of defense against any attacks.
Many companies implement the use of a VPN, which takes a user’s computer and essentially transports the device back to the corporate network. The two main problems with this method are that the device that is connecting to the network might not be secured properly and the user experience can be very poor and slow, especially for very large line of business applications.
Instead, having employees log into a remote desktop can help you have more control over the environment they are using to access company data. The remote desktop can have all of the network security protocols in place, and can even require the use of 2-Factor Authentication.
Since many of the devices now being used to connect to the company’s environment, it is extremely important for those users to keep a working antivirus program on their computer.
As a personal device, there may be more lax security and as other members of the family access the device, there is more of an opportunity for viruses and other types of malware to infect the computer. Once the local machine has become infected, it can easily spread the infection to other computers on the corporate network depending on how they access the data.
Beware of Phishing
One major vulnerability for businesses is phishing attacks. This is especially true when your workforce is logging in remotely. When you are at home, you feel more comfortable, and could be less alert to the things that could be malicious.
You also don’t have the luxury to quickly ask the person in the next cubicle if this email looks legit or not. In our recent security focused webinar I displayed how quick and easy it is to send a targeted phishing attack to an individual that has a plausible back story. When everyone working away from the office it’s easy to think an email that appears to be from a co-worker is legitimate. You can’t pop your head up and say, “Hey Chad, did you just send me this email?”
Being extra critical of any communication over email is key to avoiding these kinds of attacks. It is better to be overly cautious than not cautious enough. Verify through other means any communications you receive that do not sound accurate.
Finally, as you may be logging into several different accounts from a home computer or an otherwise less protected network than your office, it is even more important to implement strong passwords.
A strong password is long and consists of unrelated words and numbers. The longer the password, the more secure it is. The saying goes “length is strength”. You should also never reuse a password for multiple sites or services. Your password for Amazon should be different from your password to Netflix.
With these security measures taken into consideration, your company should feel pretty confident in your ability to prevent a major attack. However, each employee of the company should never think they are immune to an attack. Even with the highest security tools in place, attackers can find a way in. Being vigilant about training can help you keep your network safe.