5 Ways to Secure Your Virtual Office: Advice for Nonprofits5 Ways to Secure Your Virtual Office: Advice for Nonprofits https://www.varsitytech.com/wp-content/uploads/2019/11/Measuring-Impact.jpg 899 633 Ellen Piccolotti https://secure.gravatar.com/avatar/cc57cdf816099ae5b26128dbd96c6e02?s=96&d=retro&r=g
While most of us can’t wait for the pandemic to end and to get back to “business as usual”, remote work may remain the one silver lining of the last 10 months. Businesses had to shift quickly to be able to move their operations online. They’ve now had the last year to evaluate the effectiveness of remote work. And the results are positive! Most employees enjoy the perks of working from home – no traffic, lunch you can eat out of your own kitchen, and the comfort and ease of having pets and kids nearby.
So many businesses are deciding to give up their traditional office spaces and keep everyone at home. This opens up the question of security, not only for the business but also the employee. Letting employees access confidential information about your organization from home is similar to giving out a company car. You trust the employee, but you need to have some mechanisms in place to secure what is yours. You wouldn’t loan an employee a car without insurance, and you shouldn’t allow them to access your data without some security practices in place. Here are five ideas to help you and your employees work safely from home:
1) BYOD (Bring Your Own Device) Policy: Decide first what equipment your employee will be using at home. Do they have a company owned laptop? Even if they do, many employees prefer to use a personal device when working at home. Set a policy and have them sign it that states what type of equipment they are allowed to access company information from. Your BYOD policy should state the minimum requirements that computer must have in order to be considered a compliant device. Minimum requirements usually include antivirus software, antimalware and often Multifactor Authentication to be turned on at the desktop level. Don’t have your own BYOD policy? We can provide you with a template!
2) Education for Employees: Many people are working MORE hours when working from home. Eliminating a long commute gives some people hours of their day back and they are able to keep going longer. With longer hours can come exhaustion! When employees start to get tired, they can start to make mistakes like clicking on a phishing email they normally wouldn’t have. Most employees know what a phishing attack is, but many haven’t had formal training on how to spot one. Combine that with longer hours, trying to respond to emails quickly and you have a recipe for major breach! We recommend doing a baseline training with employees on how to spot threats and then providing continuous education so they stay up to date. Interested in Cybersecurity Training? We can help.
3) Save Your Data in the Cloud: Defaulting to saving documents and information in the Cloud is a good rule of thumb, particularly for remote workers. Especially if you are allowing BYOD, you want to make sure files are saved on your network, not on their personal device. If you haven’t already, we suggest moving all fileservers into O365 OneDrive and Sharepoint. Each employee gets their own personal OneDrive to store their files in. Having data in the cloud and not stored locally, will also help if a workstation does get infected by malware. Employees can get right back to work because they can access their information from the Cloud from another device.
4) Encrypt when Possible: Encrypting devices and email is another simple way to keep your data safe. When a device is encrypted, if the workstation is stolen or hacked, the information on the hard drive is unreadable. If you work with a Managed Services Provider (MSP), they can actually stop the computer from ever being booted again one it is reported stolen. You can also encrypt sensitive emails! This is highly recommended for organizations needing to meet HIPAA compliance and a great practice for at home workers.
5) Consider 24 x 7 Monitoring: As soon as your employees leave your office, they become vulnerable. They are no longer protected by your office firewall and secured WiFi network. There is technology available now that can monitor your employee workstations and your business cloud applications for threats. We call this SOC (Security Operations Center) monitoring and it puts eyes on what’s going on under the hood of your employee’s computers at all times. This is not productivity software used to spy on employee’s work behavior, it only scans for malicious code. Most code can be squashed before it even gets escalated to your MSP for further review. Interested in learning more about Remote Worker Monitoring? Let’s talk.
Whether you continue with remote work or decide to return to a traditional office, security will always be a concern. Attackers and threats get more sophisticated every day and the best thing you can do for your business is try to stay ahead of them as much as you can. Have you spotted a phishing attempt or had sometime try to scam you online recently? Let us know in the comments! If you want to know how to implement some of these things, we are here to help!