Cybersecurity has always been a concern for most companies. Fast forward to today, businesses have to learn how to manage a distributed workforce in a short amount of time.
While those who have had a remote workforce or have distant assistants working for them might be doing well, most businesses are experiencing this for the first time.
Having a distributed work environment opens the door for cyber threats and the risks associated with it.
In a recent Live with Bottleneck podcast, Morgan Wright discussed the topic of cyber threats and cybersecurity. For those who are unfamiliar with his work, Morgan Wright is an internationally-recognized expert on Cybersecurity strategy, Cyberterrorism, identity theft, and privacy. He was also a Senior Advisor in the US State Department Anti-Terrorism Assistance Program and Senior Law Enforcement Advisor for the 2012 Republican National Convention.
In addition to 18 years in state and local law enforcement, Morgan has developed cybersecurity solutions for the largest technology companies in the world.
Here are some of the points about cybersecurity that he had raised and how you and your business can avoid such threats.
Cybersecurity Risks in the New Normal
Most of these cyber threats have long been a thorn to businesses and enterprises that depend on the web. With the shift to remote work, another level of vulnerability has joined the mix. To make sure you know exactly what to look out for, here are some of the concerns of having a distributed workforce:
Network Hacking and Data Breach
Protecting company data is one of the most crucial aspects of cybersecurity. If your business deals with information about your client, the stakes get even higher.
It can result in lost man hours and important data for both you and the client. But most importantly, it can lead to a loss of trust from current and potential clients.
Having a distributed workforce means taking different measures for security. It would be ideal for companies to provide a remote device that their employees can work from.
Dedicated devices make it easier to prevent unauthorized access to your network.
If your remote workforce needs to work on their personal devices, there are other options available. Companies could also avail of Remote Desktop Services that have Multifactor Authentication.
This allows employees to access a virtual desktop remotely on their device. This not only offers control of the data flow but can also connect you with your employees in an internal network.
Phishing Scams, Impersonations, and Fraud
Most people are familiar with online phishing scams by now. Who has not received an email that says they have won money on a raffle, or a certain prince who wants to give them money?
Unfortunately, phishing attacks are becoming more prevalent, particularly in businesses. Hackers would pretend to be employees and send emails with malicious links in them.
And all it takes is one employee to click that link for them to gain access into the network and steal data. They can then use that employee’s account to send out more of the phishing emails to get higher levels of access. In this case, no amount of cybersecurity can help if the problem is the user itself.
Some will straight-up impersonate the CEO or owner of the company and email their distant assistant to send them sensitive information, or request funds to be transferred. These ones are easy to catch if one is wary, but it can still slip through the cracks if one isn’t paying attention.
Another type of scam that has devastating effects is Ransomware. It is pretty much the same as phishing scams: you get an email with a link or a file that has malware.
The difference is rather than stealing your data, it will lock you out of your device and take your data hostage. They will then contact you for a “ransom”, so you can gain access to your files again. This one is particularly nasty, as it often leads to loss of valuable data, regardless if you ransom it or not.
Ultimately, the best course of action against ransomware is to be vigilant. Never click links that you see in emails, and always check the sender of the email. If it is someone you know, ask them if they sent that email, and inform them of the breach if that was not the case.
This last one is a recent issue that has blown up due to the increased need for video conferencing for work. It came to light in the recent boom of the video conferencing tool, Zoom.
Zoom has been a helpful tool for remote workforces and distant assistants who need to communicate with their clients. But with the sudden increase of users, cybersecurity flaws have started to emerge.
Since you only need a link to connect to a meeting, it has been plagued with disruptive people. Another issue is if that gatecrasher happened to hear internal company information. While the latter is unlikely, it is still a possibility.
If you have to use Zoom for meetings that involve company information, use a meeting link that only a few people know. Better yet, add a passcode to your meeting link for added protection.
Steps you can take to prevent cyber threats and beef up your Cybersecurity at work
Morgan Wright brings up an interesting point about Cybersecurity: sometimes, just following the basics can shield you from most cyber threats out there. That said, here are some tips and advice you can follow to avoid such risks when working remotely:
Have Separate Devices for Personal and Office Use
Using a personal device for work can be risky. More so if your tasks require access to sensitive client or company data. It is ideal to have a separate device for work. And if your company issues a remote device for you, make sure not to use it outside of work. The less contact it has to possible threats, the better.
Another thing you can do is have a dedicated network for work in your router. A dedicated network not only helps with security, but you also have fewer devices to compete with for the bandwidth.
Encrypt your Data in Motion – use VPNs
If you have to work on a public network, it is important to encrypt the data that you are sending out. Using a VPN to encrypt your data as it comes out of your device will deter most of the risks of using a public network. It can protect your data from malicious people or software that may be lurking in that network.
But if you are at home, you may not need to use VPN all the time. If you are confident that your network is secure, using VPN is redundant. Most websites, banking apps, and cloud storage nowadays have security protocols in them.
Using VPN might result in a response delay as both ends are encrypting and decrypting at the same time. It is only when you are using it in a public space that you need extra protection.
The Myth of Changing Passwords
Most security professionals would recommend changing your passwords every 30 or 60 days. Some companies even make it mandatory by having your password expire after. But is it really a good idea to do it so often?
According to the National Institute of Standards and Technology (NIST), it isn’t. Changing your password often does not necessarily equate to better security. And if you are someone who uses a lot of tools that need access, you end up having to remember too many passwords at once.
This can lead to people writing them down, oversimplifying it, and other bad password behaviors.
So when should you change your password? Here are some of the instances where you should definitely change your password.
- You have reason to believe that there was unauthorized access to your account.
- There is evidence of malware in your device or a device that you used before.
- If a website or service you use had a recent security issue.
- You shared access to an account with someone else and they no longer use the login.
- You logged in on a shared or public computer.
- It has been a year or more since you last changed the password.
Having trouble keeping track of all your accounts and passwords? Use password management apps like LastPass.com. You won’t have to worry about using it in public spaces, as it provides an encrypted password for you.
You can also use it to share access to a dedicated distant assistant but still maintain control of the level and duration of access they have.
Last but not least, you should be vigilant at all times. All the security features don’t mean anything if you are the root cause of the problem. Those malware and viruses do not just install themselves. It needs someone careless enough to click a link or open a malicious file for it to happen.
So if you get a suspicious email from someone, it is best not to click any links or files in the email. Check who sent it, and if it is someone you know, confirm it with them. You might even end up alerting that person that they have a compromised account.
If you are working with a distant assistant, you need to find a secure way to transfer data to avoid possible leaks. You must also remind them not to access any suspicious websites.
Lastly, they should alert you if they receive any suspicious email or messages from “you.” Remember, you are only as strong as your weakest link.
There are a lot of cyber threats out there, and it is understandable why some companies are reluctant to go remote because of these risks. But by following these basic tips, you can make a secure workplace for yourself at home or in your remote office space.
Have you been a victim of these threats? Let us know how you resolved it and what you have learned from it in the comments below! You can also reach us on Facebook and Twitter if you have questions on how to secure your remote workforce.
Hear more from business experts and entrepreneurs! Check out Live with Bottleneck for more information on how to take your business to the next level!
Want to learn more on how you can coordinate with your distant assistant in securing your business from cyber threats?
Subscribe to our newsletter so you can receive up-to-date information about distant assistants and beefing up your Cybersecurity. You also get FREE access to our Ultimate Distant Assistant Checklist when you sign up.