Stay-at-home orders across the country have forced millions of businesses to establish remote workforces that rely solely on internet-enabled applications and products to conduct business.
The overnight move to remote work has increased cyber security concerns for SMB owners. However, many still have not implemented remote working policies to address cyber security threats, according to a new survey from the Cyber Readiness Institute (CRI).
Key SMB Cyber Security findings from the CRI Survey of more than 400 small businesses:
- 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments
- Only 46% of business owners provide any training to help workers be cyber secure when working from home
- Only 40% of small businesses have implemented a remote work policy focused on cybersecurity as a result of coronavirus (only 25% of those with fewer than 20 employees)
- 59% of small business owners said that some employees would be using personal devices when working from home
Three common cyber security concerns when working from home:
- Home Wi-Fi Security: As opposed to the office environment, where IT managers can control the security of all Wi-Fi networks, employees’ home networks probably have weaker protocols (WEP instead of WPA2, for example). This type of network allows hackers easier access to the network’s traffic.
- Phishing Scams: Phishing attacks are a top cause of data breaches. Hackers can easily send seemingly legitimate, deceptive emails with malicious links and attachments. Once an employee clicks on this malicious link, a hacker can gain access to the employer’s device.
- Insecure Passwords: Simple passwords are incredibly easy for hackers to crack, and if a weak password is used across several platforms, it allows hackers to gain unauthorized access to multiple accounts in a very short period.
Essential practices for setting up a more secure virtual work environment:
- Set up a VPN for your employees: A VPN (Virtual Private Network) is the first and most obvious way to secure your organization when employees are logging in from home. When people work from home, they use the public internet or weakly secured Wi-Fi connections to access confidential data in your central database. They also share sensitive files, offering a golden opportunity for hackers to intercept data mid-stream. A VPN uses strong encryption to create a “tunnel” for any interactions between your employees, and between your employees and your secure corporate network.
- Multi-factor authentication and strong passwords: Weak passwords are a known gift for hackers. The problem only grows when employees work from home, as the contextual shift makes it easier for them to ignore reminders from your security team. They are also more likely to share or save credentials for faster remote access when it takes time to get a response from a new remote security team.
- Offer training resources: Employees can cause data breaches in multiple ways, like failing to use a secure connection to download confidential data, forgetting to lock their screens when working in a public place, or falling for phishing emails that install malware on their devices. In fact, according to a report by Kaspersky, 46 percent of cybersecurity incidents in 2019 were at least partially caused by careless employees. It’s vital to invest time and energy in employee training to ensure that everybody knows how to reduce the risk of successful hacking attacks and is not afraid to report security incidents as soon as they occur. Frequent reminders, online refresher courses, and pop-up prompts help employees take security seriously.
- Access Control: Access controls are a vital layer of protection around your network. Losing track of who can access which platforms, data, and tools means losing control of your security, and that can be disastrous. In response, use role-based access control to allow access to specific users based on their responsibilities and authority levels in the organization. By monitoring and strategically restricting access, you can further reduce the risk that human error might undermine your careful cybersecurity arrangements.
- Provide a list of approved apps and programs: The last thing any organization needs is enterprise data stored across staffers’ personal Dropbox and iCloud storage accounts. Whether through a secure gateway, remote desktop connections, or corporate accounts created in their identity management platform with direct application access, organizations are going to have to provide access to corporate applications so that staffers can access and use their data securely.
Overall, this blog has examined some critical steps that an SMB can take to protect its environment in a remote-first work world. The business world is changing rapidly, and it is more vital than ever that SMBs keep pace. Setting up a remote work policy is increasingly necessary for SMBs to continue to function.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.