In the WFH (work from home) world of the pandemic, security has been a huge issue. Many small businesses don’t have the tech-savvy to equip their employees with the right tools to keep their data protected. Kaspersky, a cybersecurity firm, recently reported that 57% of small business employees don’t have company-owned devices but are instead using whatever they had at home. They also pointed out that two-thirds of employees have not received any support on how to protect their remote work from home.
What can be done by small business to make sure their employees are working with essential company data securely? While it’s understandable that many small businesses can’t afford to supply a company device to employees, this doubles the importance of providing some form of support documentation for employees. The documentation should outline some basic network security practices as well as a list of suggested free software or the licenses needed for installing paid software.
Here are some simple tips to include in your security documentation:
- Stay on top of software updates. When a software provider finds out their software could be compromised, they make an update available as soon as possible that patches up the vulnerability. Since hackers commonly rely on known exploits to target older software, you can significantly reduce your risks by keeping software up to date.
- Use secure passwords on all accounts, a unique password for every account. A secure password is at least ten characters long and uses at least one capital letter, one number, and one special character. Never use information that someone else may either know or figure out, such as birthdays, pet names, favorite hobbies, etc. You may want to suggest using a password manager to keep track of unique passwords and create new secure passwords.
- Do not forget physical security! Never leave your device in a vehicle. Always keep an eye on the device if you are away from home or the workplace. Never leave your device while it is unlocked.
- Use encrypted storage for business-related files. This way, even if an attacker does manage to access your data, they will not be able to do anything with it. Your business can provide encrypted storage licenses for employees to use, or you can suggest free services.
- Don’t recycle business data. Use a software file shredder to delete files in a way that renders them unrecoverable. When you put things in the recycle directory in Windows and empty it, all you are doing is removing the filenames. The files’ data is still on the hard drive. A file shredder overwrites the data multiple times with nonsense characters, so the data becomes useless.
- Use a VPN (a virtual private network). VPNs create a secure, encrypted connection with the internet that no one can intercept, provides enterprise-grade firewalling to block hacking attempts, and obscures the user’s IP address. Hence, it isn’t useful for future attacks. While there are some free VPNs, they are not suitable for business use. Fortunately, VPN plans are very inexpensive, and one account can cover many devices at once.
With these tips in conjunction with antivirus software, you will have more reliable protection for your employees’ WFH environment to defend the confidentiality of your business data.