Covid has changed the way many of us work. IT Security is more important than ever. In this article we provide some steps that can be implemented to help protect your information and your network.
We have come a long way from early 2020 when the pandemic hit. COVID has had a huge impact on how we conduct and operate our businesses. Many businesses changed the way in which they and their employees worked. Gone are the days for many where employees work solely out of the office or work location all the time. Instead, many employers have become more flexible in allowing their employees to work remote fulltime or even on a hybrid set up where they spend part of their time in the office and part working remote.
With the change in where business is conducted, businesses must remain vigilant. Your IT security best practices used for your employees who worked remote during the pandemic should be maintained and become permanent fixtures within your business.
Here are three things you can do to keep your business safe with a remote workforce.
Control Access to the Physical Site
If you have a mixed staff of remote and onsite workers, or have set up a hybrid work model where employees work both remote and in the workplace, make sure you have some control over who is accessing your office and when. It becomes important that your staff are able to distinguish and easily recognize their fellow co-workers. Avoid having a simple open-door policy that can leave your data vulnerable to both internal and external threats.
Businesses with poor visitor control have struggled with this security issue even before the pandemic. It is best to have someone who can record and control access to the building to avoid snooping and data theft. Ensure that:
- offices are locked when not in use
- documents are filed away properly
- access to documents (both physical and digital) is properly restricted
- after-hours visits are restricted
People tend to focus so much on the digital aspects of cyber security, that they risk overlooking physical vulnerabilities around them. Something as simple as a post-it note with a password can provide an access point to your data.
Ideally, these practices should remain in place even after this pandemic. Visitor control is essential to the security of your business.
Encourage a Wind-Down Period
We have all felt the end-of-day rush at some point in our lives. We may scramble to meet an appointment. We may be eager to get as much out of a Friday as we can. Whatever the reason, rushing to close out our workday can lead us to making careless decisions or mistakes.
A rushed employee is more likely to carelessly download a malicious attachment or share sensitive data with an unverified requestor. When under pressure, we can be tempted to cut corners in the name of expedience.
Those who are still working in offices face added vulnerabilities. If an employee forgets to print an important document, they may be tempted to call into the office and request a co-worker log into their computer to save themselves an extra trip in. This means sharing login credentials and allowing someone else uncontrolled access to their device. If that employee fails to log out entirely, then they do not even need to share their credentials for others to have access to their computer.
Having a sufficient daily period for employees to properly “close out” their day will minimize the end-of-day rush and reduce your business’s chances of a security breach. Encourage your employees to wind down their workday as it comes to a close. They should ensure that they are not forgetting any tasks that cannot wait until the next workday and are properly logging off their devices and securing their physical documents.
Revisit the Fundamentals
As always, make sure you are brushing up on the fundamentals of remote cyber security. Add cyber security reminders to your company-wide communication updates and host periodic cybersecurity webinars.
Ensure your employees are being mindful of security fundamentals like:
- verifying before sharing sensitive data,
- using a VPN to connect to your network,
- separating home and office devices, and
- protecting against phishing attacks.
By implementing and maintaining these three fundamentals, it will help to establish and maintain your security of your information and network. IT security can at times seem complicated and expensive, but it isn’t something that has to be. These are really the fundamentals of any IT security program.