COVID-19 created a perfect opportunity for bad actors to prey on the unsuspecting businesses forced to have employees work at home. The very abrupt and wide-spread shift to work-from-home arrangements resulted in a loss or weakening of cybersecurity controls for many companies. Workers were possibly forced to use personal devices. They may have been accessing critical business apps from outside a secure environment. To get things done quickly, they may have shared data over non-secured channels.
Now, as the pandemic has waned and hybrid opportunities - part-time in the office, part-time at home - have increased, taking a proactive approach to keeping your systems and data safe is more important than ever. Here are a few security tips for your remote workforce to help reduce your risk of a cyber-attack.
1. Suspicious Emails
Opening phishing emails can allow viruses to be downloaded or employee contact information to be accessed. Most email service providers include spam filters with their product. They are designed to keep emails out of your inbox when they include “spammy” words or are sent in mass.
For a second layer of security, install a software solution like Second Chance. With Second Chance, you can hover over the link in the email and see the actual link that a click would send you to. Seeing the “real” link gives you a “second chance” to decide whether to click.
2. Password Manager
A password manager tool is used to store all your passwords in a single, secure location. Then, passwords can be shared across the organization, as you determine proper. This means there is no need to email login credentials from one employee to another. LastPass is a good example of a password management tool.
3. Two Factor Authentication
Two factor authentication is a second way of verifying yourself before accessing a system or website. It’s important because it has become easy for hackers to discover your password. Using two factor authentication, or 2FA, reduces your risk of a breach.
An example of 2FA is having a code texted to your phone. After entering your username and password, you must enter the code to verify yourself a second time. Other services that work well are Duo and Google Authentication. Many sites, such as bank sites, have their own 2FA protocols.
4. Secure Email Portal
A secure email portal is crucial when working remotely and sharing sensitive information. A few examples of sensitive information would be financial data, credit card numbers, social security numbers, and login credentials. But really anything that breaches someone’s privacy is sensitive, which is highly subjective. A portal allows you to send documents and information securely in an encrypted email that the recipient must unlock before reading it.
There are many secure email portals to choose from. Consider SafeSend, which allows employees and clients to share sensitive information with each other.
5. Secure Server or VPN
Having a Virtual Private Network, or VPN, makes it safer for employees to access company systems and records remotely. The VPN creates an encrypted network connection. Employees must login to the VPN to access your servers, which are behind a firewall.
We hope these tips help you and your employees work remotely, safely and without any cyber-security challenges. We recommend formalizing your technology policies, for work performed in the office and remotely. Incorporating these policies into your staff training plans will enhance everyone’s awareness of the risks and what they can do to help keep your IT environment safe.
At All In One Accounting, we take businesses from financial chaos to business clarity and beyond. Our elite team of Accountants, Controllers, and CFOs are ready to help you in these uncertain times, using best in class security measures to ensure all of your data remains safe. Contact us for a free consultation with one of our accounting professionals.