Work from Home is a concept that was in early stages of acceptance in the later 2010s and early 2020. It was generally acknowledged this was a possibility for many jobs, but some reports cite that barely 3% of the American workforce was remote at that time.
But that was before the dark times. Before the Coronavirus. (Sorry, my Star Wars nerd came out there.)
Suddenly we all were plunged in a new world. It was scary, but there was hope as well. Many businesses were being forced to close their offices for safety reasons. For us, as Managed IT Services Providers, we saw a relatively swift transition for our customers to remote work. Those who were able to continue business from home often did so.
And now, a year in, many are still working remotely. Certainly, the world of commercial real estate has changed, and many businesses have moved to less lavish quarters as there simply is less need for large offices.
Unfortunately, bad actors soon realized there now was a whole new avenue to exploit and scam. Sensitive business data was now being housed on less secure home networks, often over unsecure or poorly secured WiFi networks. The number of attacks that have occurred, and will likely continue to occur as long as work-from-home remains popular, is staggering.
It’s important to understand how malicious actors are targeting businesses. Many times, it is a small- or medium-sized business that is targeted. Sure, this is not a “big fish” for a hacker but the bad guys are smart enough to understand that a small business may have someone technically savvy running the networks, but not necessarily someone skilled in cybersecurity. Many of these businesses do not have a cybersecurity training program for all employees and are susceptible to phishing which, bluntly, is easy money for a criminal. After all, falling for phishing is giving away the keys to the house.
Smaller businesses are less likely to use multi-factor authentication (commonly called MFA) which exponentially makes entry more difficult. In fact, small businesses made up 58% of cybercrime victims in 2018, and over 60% in 2019. While numbers for 2020 are not firm at the time of this writing, experts agree the number will likely grow. Many folks don’t realize that cybercrime is a lucrative criminal enterprise and that many of these enterprises are just that—to the point that many mirror the organizational structure of a major corporation.
The most common methods bad guys use to get in to your business’s systems include phishing, purchase or other acquisition of previously compromised credentials from the Dark Web, poor encryption of wireless networks, unpatched vulnerabilities, and poorly configured security devices (such as firewalls).
However, there are some commonsense solutions that can really assist in securing our data. Our business data, yes, but also our personal and family sensitive data. Here are a few techniques to make sure your employees are operating in a safe manner:
- Keep machines updated and on modern operating systems. This is a VERY common error people make in dealing with both personal and commercial information. An out-of-date computer is prone to attacks easily available on the Dark Web.
- Use mainstream anti-virus and anti-malware software, and keep it updated. Schedule the software to do regular scans.
- Uninstall unnecessary “junk” software. This may be, among many options, a result of bloatware from purchasing the machine or may be an add-on software package to a game or other free download.
- Use a Virtual Private Network (VPN) for connecting to the office. There are relatively easy to set up and encrypt traffic between the sending and receiving machines.
- Turn off options to automatically connect to WiFi. You or your business associates may have airtight security on your home and business network, but if someone inadvertently connects to a free coffee shop WiFi, a security hole quickly opens.
- Separate home networks. Many of us use smart appliances, and these at times can be exploited for vulnerabilities. If their network is separated from the computer’s network, at least a layer of insulation exists between a hacker with malintent and your business or personal data.
- Lock your computer when not in use. This is good practice at the office, as well, to maintain that anything done on that machine is likely done by YOU. However, this is much more important if you are using your machine in a public place or if you have children (to lower chances of accidental deletion, for example).
- Ensure your work is completed on a separate Windows or Mac profile than other family members use.
- Use a password manager to randomize passwords. Preferably, use a password manager protected by MFA.
- Use a DNS filter, if possible. These can be purchased or are often used on company machines, enforced by the company IT department or company’s MSP.
- Use M365 or other productivity apps on your phone? Keep your phone updated, as it is a penetrable device just like a PC or Mac.
- Uninstall unneeded browser extensions. These can become unsafe over time, or simply can be malicious from the start.
- Always err on the side of caution. If an odd email pops up, contact the appropriate person directly to confirm the message is, indeed, from him or her.
- See something? Say something! Yes, we’ve heard it a thousand times before and it is sage advice for the IT world as well.
- Always double check what you click. One trick is to mouse over, but don’t click, links at first. Often, the URL will pop-up and should read an expected address. This can be harder on mobile devices, so be uber-careful!
- Always have a backup! There are varying levels of business continuity planning (we can help with this) but having no backups means a ransomware attack—or even accidental deletion or data corruption—could be devastating.
If your SMB needs help securing its work-from-home IT solutions, please CONTACT US and we can help you out!