The COVID-19 pandemic has turned the world of business upside down. Almost overnight, busy offices and in-person meetings turned into remote teams and Zoom invitations. And while the priority over the last several months is to protect your employees’ physical health and safety, something businesses may still be struggling with is ensuring the cybersecurity of your business while people work remotely.
While employees work from home, they may let their guard down when it comes to security practices, whether it’s using unsecured networks, leaving their computers unlocked, or falling victim to phishing attacks.
Whether working from home was an option for your employees pre-pandemic, or is entirely new for your team, here are some critical best practices and policies to consider implementing to protect your business and your employees.
Install a VPN on Employee Devices
Setting up a VPN – or virtual private network – provides an extra layer of security for employees working from home. When logged into your company’s VPN, it will hide employees’ IP addresses, encrypt data transfers, mask a user’s location, and much more. Before the pandemic, VPNs were common for larger organizations, so if your small business doesn’t have one, but you expect your employees to work from home for an extended period, investing in a VPN provider may be worth your time.
Strong Password Policies
It’s estimated that 90% of passwords are vulnerable to hacks, so it may be wise to have several password policies in place. Standard best practices include mandatory password length and complexity requirements and that each program an employee uses have its own unique password. Consider investing in password managers for your employees to help them keep track of their passwords. Two-factor authentication (i.e., requiring a password plus a code sent to an email or phone number) for specific programs will also add an additional security layer if needed.
Create Rules for Working in Public
While most are staying home these days, occasionally, employees may need to work elsewhere or use a non-home or work Wi-Fi network. Your rules around using public Wi-Fi may vary, but if your employees work with sensitive data, you may want to consider exploring your options to keep them safe or even ban the practice altogether. That may sound extreme, but unencrypted networks, malicious hot spots, or leaving Bluetooth on in public can make employees vulnerable to cyber attacks. Even innocent onlookers can lead to risk, and protective screens on laptops may be necessary.
Encourage Home Security Checks
You can’t control what employees do at home, but if they’re working remotely for the long-run, encouraging home security can help keep your business safe. Provide a list of suggestions for employees to secure their home network and create a strong password for their Wi-Fi. Remind them to keep company and personal devices separate and to lock their work computers when they’re not using them at home. Work devices should not be left unattended outside or in a car. These may seem like basic policies, but they are good reminders nonetheless.
Invest in Cybersecurity Training
The best way to prevent security issues at your small business is education. On top of going through your company’s security policies, it’s critical to regularly educate employees about common phishing scams, securing home networks, avoiding public Wi-Fi, etc. Set up annual professional development training around these security best practices and send out email reminders about the latest scams and things to look out for. Making cybersecurity education a priority can help your team keep attacks at bay before becoming a serious issue.
Be Prepared to Deal With Issues
Even the best-prepared businesses are at some risk to a cybersecurity or data breach. Instead of panicking in the event of an attack, stay ahead of the game by putting together a response plan so that you can handle an issue as soon as it happens and reduce the fallout. Create a step-by-step checklist of what information you need, who to contact and when, what passwords or information you need to change immediately, and what, if any, disciplinary action you need to take with any employees not following your security policies.
Ask Your Bank About How They Can Help
Your bank is just as concerned about cybersecurity as you are, so don’t be afraid to ask how they can help you securely do your job especially while working from home in the COVID-era. For example, it is important that you review your account activity daily and notify your bank immediately if you see suspicious activity. Most banks offer Positive Pay, a service that automates this review for you to save you time to focus on other aspects of your business. Positive Pay helps protect your business against the losses associated with check and electronic payment fraud. Because it’s online and available through the mobile app, you and your staff can prevent financial losses from fraudulent activity anytime, anywhere.
We don’t know how long the pandemic will last, but it’s safe to say that remote policies, whether you had them pre-pandemic or not, are here to stay. Hopefully, your business already had some of these cybersecurity policies in place, but it’s always good to routinely revisit and update your security guidelines and educate your team throughout the year. Taking steps now to promote healthy cybersecurity habits may save your business from bigger issues in the future.
If you would like more information about Positive Pay or any other service to help protect and grow your business, please contact our Treasury Services Department at firstname.lastname@example.org.