Contact Us Today!   314.394.3001   |   info@andersontech.com

Don’t Take the Bait: Securing a Remote Workforce

/in , /by

With the increase in employees working from home, a comprehensive cyber security plan is imperative now more than ever. Remote access to your business’s network, especially from personal computers and devices, is a weak link in your cyber defenses. This makes the need for comprehensive employee training essential to your cyber security plan. One successful phishing attack combined with remote access can provide bad actors a direct path from your employee’s computer to your business.

Work from Home Safely

For many businesses that suddenly gained a remote workforce, employees are the first line of defense against cyber attacks. Employee education for phishing attacks and basic cyber security measures are essential tools in your business’s defense against a network breach.

Phishing in the Time of COVID-19

While cyber security education has improved employees’ ability to spot phishing attempts, the COVID-19 pandemic opened new avenues for bad actors to exploit in their phishing attacks. The tactics aren’t new. Bad actors continue to trick the distracted or unsuspecting into clicking a link or downloading an attachment, and they continue to target specific individuals for business email compromise (BEC) schemes.

What has changed are the lures used trick the recipient into action. Bad actors have shifted their message to capitalize on the uncertainty around the novel coronavirus. Emails spoofing health organizations such as the WHO and the CDC contain links or attachments that claim to contain information about the coronavirus pandemic. An employee who may know not to click on a random link sent to them in an email, even from a known contact, might not be so careful against a link purporting to inform them about updated COVID-19 news.

Train your employees to be skeptical of all emails or messages related to the COVID-19 pandemic. Most major organizations are not going to be directly emailing individuals. If an email claims to be from an official source, do not click the link, but rather go directly to the organization’s website. Any updated information or legitimate news will be posted there.

Put into place policies and procedures to protect against BEC schemes. Bad actors have tailored their messages to take advantage of the isolation of the remote workforce. BEC attacks rely on the recipient not verifying a request for funds or access with the person or company being impersonated, thus failing to discover that the transaction is illegitimate. Their new tactic to ensure this is to include a note that the requester can’t be contacted due to COVID-19 quarantine, or not to tell anyone so their stated COVID-19-positive status is not known publicly.

Every business should have policies that require all changes to account numbers or unplanned transactions to be verbally verified through known channels (not the email’s contact information) before being enacted. This simple policy reduces the chance of successful BEC attacks from happening in your company.

Bring Your Own Devices

Many businesses don’t have the capital to buy new hardware for their newly-remote workforce. This results in what is referred to as BYOD or Bring Your Own Device. With BYOD, employees use their personal computers or mobile devices to access company data, whether through VPN, web portal, remote desktop application, or software-specific application. This is a cost-efficient option for those working from home, but it comes with risks and can be difficult to secure if you’re not a trained IT professional.

No home network is going to be as secure as a properly set up office network with an enterprise-grade hardware firewall, but there are measures that your employees can take to strengthen their home defenses. Make it policy to ask these basic security questions before allowing employees to work from their personal computers:

  • Do they have a router with WPA2 or higher password protection enabled?
  • If they live with others, do they have their own password-protected profile on the computer?
  • Are all passwords unique and meet your company’s password policy requirements?
  • Can they work in a place where others cannot see company data?
  • Can they limit browser extensions or use a separate browser for work to avoid data leakage?
  • Is their computer operating system and anti-malware/virus software up to date?
  • Have they been trained to identify problems with their computer systems that may indicate infection?
  • Do they know who to call if they suspect their computer may be compromised while connected to your business network?
  • Have they been trained on all work-from-home policies and procedures?
  • Have they been trained in cyber security best practices, including how to spot phishing attempts and suspicious websites?

The computers may belong to your employees, but the data they’re accessing is your business. Make sure to reduce the risk of remote access as much as possible.

Training Is Key

The best defense against compromise is a comprehensive, on-going training plan for all employees. They can’t spot phishing if they don’t know how to identify it nor use strong passwords if they don’t know what’s secure. When employees work from home on less secure networks, it is even more important to ensure they are informed and prepared for any cyber security challenges that may arise. Annual training with cyber security professionals can keep you and your employees up to date on the trends in security threats and how to defend against them. Don’t wait until it’s too late to give your employees the information they need to protect your business.

Cybersecurity-eBook

Our FREE guide for employees details best practices in cyber security!

A remote workforce is a weak link in your cyber defenses, but that doesn’t mean you can’t set it up as securely as possible. Verify security measures and provide the necessary training and policies to keep your employees and your business safe.

If you need cyber security training for your remote workforce, contact Anderson Technologies. We can be reached at 314-394-3001 or info@andersontech.com.

MFA – An Extra Layer of Digital Protection [Updated for 2020]

/in /by

What do logging into Netflix from a new device, updating your PayPal account information, answering questions about your first car before accessing your iTunes account, and withdrawing money at an ATM all have in common? Authentication!

The National Institute of Standards and Technology (NIST) creates guidelines for passwords and the software that requires them, which Anderson Technologies has previously discussed. Technology is still changing to adopt these standards, so it is up to us to take cyber security into our own hands—and that includes business security practices. The most commonly used and overlooked of these measures is password safety and authentication.

Hackers are great at keeping up with technology, so as consumers and business owners, we must keep up with it as well to stay safe. Multi-factor authentication (or MFA) has been around for years, and it’s so common that we take advantage of it more than we might realize. MFA remains one of the strongest defenses surrounding our digital lives.

What Does MFA Look Like?

You’ve probably already encountered MFA without realizing it. Any website that utilizes verification codes or emails is using a form of MFA. A task as simple as changing your Apple ID requires MFA to confirm the new information. With the prevalence of data breaches across the globe, MFA can protect your account even if your password is compromised.

MFA as it applies to your business’ safety most often takes the form of software that requires a user to provide two forms of evidence proving they are authorized to access the system. This includes security codes, verification emails, security questions, and biometric software. Physical security keys, such as Yubikey, can be used as an identifier and ensure only the person with the device can access the accounts.

Applications like Google Authenticator or Authy can also be attached to countless logins by connecting your account information. Validated access to your account (your email, for example) is established with a unique QR code or numerical key that securely connects your mobile device. From that point forward, logging into the site requires not just your standard user name and password but also a randomized six-digit code available only on your device. This code refreshes every 30 seconds for even greater security.

Some sites and servers have their own internal methods of verification, and other MFA methods may require special hardware, such as badge readers. These are useful for businesses and organizations that use specialized systems to access confidential databases. This includes cashiers logging into their retail system or technicians scanning an ID card to pull up your file during a dentist visit.

What Are the Benefits of MFA?

If hackers get their hands on your login credentials, it’s easy to mine data from your other accounts. MFA acts as a barrier to the hacker by confirming the identity of the user attempting to login through secondary security measures. In this way, even if your password was compromised, it would be useless without physical access to your authentication device or account.

MFA is beneficial for companies who have employees on the go or working remotely. Using multiple layers of authentication allow remote employees to securely access encrypted data from unfamiliar networks and devices.

What Are Some Challenges to Integrating MFA?

Resistance to change is one of the tallest hurdles when integrating MFA into your business networks. Though MFA usually uses devices your employees already have (like their smartphones), some see MFA as inconvenient or time consuming. This is rarely the case when using simple applications.

MFA goes hand-in-hand with the Zero Trust security model, a tool that requires authentication at every step of the login process. New security concepts can be challenging to introduce in the workplace but, like all new plans of action, the multiple verifications will become second nature. Your company will greatly benefit knowing your data is secure.

You may find it valuable to coordinate with a managed services provider when integrating MFA to internal networks, especially if your needs require special enterprise-grade hardware. An IT support team can provide training to ease the transition for your employees, some of whom may be hesitant or feel they don’t have the time to properly implement MFA across all their accounts.

With a little practice and an IT team behind your business’s transition, MFA doesn’t have to be intimidating or bothersome—and the benefits are invaluable. For more information on how to keep your business safe using MFA, contact Anderson Technologies today at 314.394.3001.

Quotables: 6 Ways to Use the Cloud for Your Home-Based Office (Home Business Magazine)

/in , , /by

Principal Farica Chang is featured in Home Business Magazine.

Click here to read the full article!

Check out our Work from Home Checklist to start the home office journey!

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

What Does Working from Home Look Like With an MSP?

/in , , /by

Businesses across all verticals are struggling to adjust to the new digital workplace driven by COVID-19 and social distancing efforts. However, businesses fortunate enough to stay afloat rely now more than ever on IT vendors and IT managed service providers (MSPs) to keep their employees online and working.

What does a national emergency and sudden loss of normalcy look like for clients of an MSP?

Answering the Call

You’re probably used to seeing your MSP technician at your workplace, installing a new piece of equipment or troubleshooting a persistent issue. But since on-site IT support has halted until the COVID-19 pandemic ends, how are MSPs tackling hardware solutions?

IT Support Coordinator Elena Estrada describes COVID-19’s effect on hardware acquisition as “a perfect storm.” Businesses across the nation raced to purchase laptops for their workers transitioning to work from home—MSPs included. “Lots of our clients realized they didn’t have laptops or home systems to be able to remote into their work computers,” Estrada says. “It caused a mass panic for retail laptops.”

Anderson Technologies typically works with a few trusted outlet partners to provide the best hardware for their clients, but ordering laptops the usual way quickly became impossible as outlets sold out seemingly overnight. MSPs had to get a little creative. “We needed to find other options,” Estrada says. “A local electronics store had laptops in stock that weren’t necessarily what we normally send to clients, but we bought extra sticks of memory to accommodate. We had to bring multiple employees to the store because there was a two-system limit on hardware purchases.”

​But finding enough hardware wasn’t the only difficulty. “The most challenging aspect is trying to navigate things that require physical interaction,” says Estrada. “Those types of situations are hard to work out.” Many of Anderson Technologies’ clients are local to the St. Louis area, meaning that mailing or shipping necessary hardware isn’t a customary practice, not to mention it puts unnecessary pressure on essential delivery personnel.

Channels of communication between MSP and client are more important now than ever. One of Anderson Technologies’ clients recently needed a laptop for a new employee. The configured laptop was ready to be given to the client on a Friday, but since the employee would be starting that Monday, the laptop wouldn’t arrive in time if shipped. Anderson Technologies was able to coordinate a drop-off plan with the client, but it shows how challenging it can be to safely navigate and standardize these situations from a business perspective.

Need for Speed

Many businesses have temporarily closed their doors due to statewide stay-at-home orders, and entire companies now work from home every day. When you’re used to working in your professional environment, it’s pretty easy to tell when something isn’t working correctly. This isn’t the case when working from home, especially if you’re doing it for the first time. Working from home exposes users to threats they would normally never encounter in their workplace.

“A lot of residential internet plans are not as fast as what they’re used to in the office, which causes some issues with their work,” Estrada says. “Many times, they think it’s a hardware issue or an issue with the program they’re using, but it ends up being that they need a bit more patience with their current speeds.” This makes managing expectations essential to working from home successfully, both for the MSP and the end user.

“I think the majority of people who have transitioned from their office to their home don’t realize that home internet greatly impacts their working-from-home experience,” says Senior System Administrator Eric Dischert. “Throw in some kids streaming music and The Office re-runs on the same connection, and the work-from-home experience degrades quickly.”

“Another issue is the internet line running to their actual office,” Dischert warns. “If that connection is sub-par or there are many users remoting into their work computers, that bandwidth shrinks and might need a boost.” When your work day relies on two internet connections functioning properly, you may experience more hiccups than you would at your normal workstation—meaning more work for your MSP.

Even as MSPs are problem solving new kinds of technical issues, they’re also adjusting to working within stay-at-home orders themselves. “Remoting capabilities have made things pretty seamless,” Estrada says. Anderson Technologies already incorporates remote monitoring software as part of their managed services plan, which made the transition a little easier for providing quick technical support.

Lock Your (Virtual) Doors

The COVID-19 pandemic has affected the globe, and bad actors all over the world are taking advantage of the newly-digital workforce. They are tweaking their phishing methods and other online attacks to sneak their way onto your more vulnerable home networks. Remote workers, stressed about their safety and livelihoods, look like sitting ducks to malicious actors. Every cyber security crack must be sealed.

Cyber security training has always been an important part of the MSP-client relationship, but businesses are kicking it up to protect their remote workers. “There are a lot of security issues involved in working from home due to lack of experience in doing so and just being a bit more comfortable in your home,” Estrada says. “Users aren’t as guarded.”

Distractions themselves contribute to users letting their guards down and create opportunities for phishers. “Personally, there are a lot of distractions at home that take my attention,” Dischert says. “Kids, dog, spouse, etc., are all buzzing around and it’s hard to concentrate, especially for people who normally do not work from home.”

Even after the pandemic ends, MSPs expect to see an uptick of clients seeking work-from-home solutions. This is part of a trend that’s been growing for over a decade, as the number of US employees working remotely has increased 159% over the last 12 years. Some workers thrive in their home environments where work arrangements are more flexible, reducing stress and increasing morale. These workers may choose to incorporate virtual desktop software or hardware setups that are easier to carry back and forth to the office.

 

Until it’s safe to return to their normal routines, America’s workforce will continue to adapt to the daily changes in this pandemic’s trajectory. But working from home doesn’t have to leave you vulnerable or without IT support when you’re working with an MSP. Expert MSPs know that disasters and emergencies are why it’s important to make sure your networks are healthy from the start.

Need help transitioning to a WFH model? Call Anderson Technologies today at 314.394.3001 for a free consultation!

New ebook Available: Get Hip to HIPAA: A Beginner’s Guide to HIPAA Compliance

/in , /by

Struggling to understand the basics to HIPAA compliance? Want to keep your customers’ private data safe? Download Anderson Technologies’ Get Hip to HIPAA: A Beginner’s Guide to HIPAA Compliance for an overview of the important aspects of HIPAA, including the Security Rule, Risk Assessments, and the many resources available to help bring you into compliance.

 

Click here to download the FREE ebook!

Are you in need of expert IT consulting related to HIPAA compliance? Anderson Technologies is a St. Louis IT consulting firm that specializes in small businesses. We’re here to help! Give us a call at 314.394.3001 or email us at info@andersontech.com.

The Murky World of Cyber Insurance

/in , /by

Anderson Technologies often reports on the rising dangers of ransomware or other forms of cyber attack and how to defend against them, but even the most diligent business can still fall prey to determined cyber criminals. A robust business continuity and disaster recovery plan can get you back in business without as much downtime, but the cost of the intrusion may continue to rise if personally identifiable information (PII) or electronic protected health information (ePHI) is exposed in the breach. Small business owners need to seriously consider adding a cyber insurance plan to their existing insurance coverage or they may find themselves without any financial support when they need it.

Why Is Cyber Insurance Necessary?

When cyber crime was just becoming a major financial problem, policies often did not explicitly include or exclude cyber attacks and damages. If the insured party claims that the damages incurred by a cyber attack fit the definitions of the policy’s terms and the insurer pays out, this is considered “silent cyber” coverage.

Some insurance companies refuse to pay for damages from cyber attacks, though, and many insurers have begun explicitly excluding cyber damages from general business insurance policies in favor of separate cyber insurance policies. Insurance companies have been taken to court for failing to pay this “silent cyber” coverage, and some policyholders have successfully won, but this is not always the case. That lack of guaranteed coverage should concern small business owners who do not have a dedicated cyber insurance policy.

What Types of Cyber Insurance Are Available?

When choosing cyber insurance policies, there are two main types of insurance coverage available: first-party coverage and third-party coverage. It is essential that buyers know the differences between these two types of coverage and carefully examine the necessity of both for their own company.

For a quick overview on what cyber insurance policies should include, the Federal Trade Commission provides a helpful checklist for small businesses.

First-Party Coverage

First-party coverage involves the costs incurred directly by the insured company as a result of a cyber attack. The types of expenses or damages first-party cyber insurance can cover include:

  • the cost to restore or replace data and software destroyed or stolen in a breach
  • the cost of investigating a data breach or cyber attack
  • income lost during downtime or spent to restore the business to working order
  • the price of a ransom demand, if paid
  • the cost of notifying all necessary parties, including customers, if PII or ePHI is compromised
  • the cost of crisis management to deal with the media/public fallout from a security breach

Third-Party Coverage

Third-party coverage involves the expense of legal action taken against you as a result of a breach. This could be by customers or by other businesses whose data is compromised. Third-party cyber insurance can cover:

  • claims of negligence that resulted in the cyber attack and breached data
  • claims for failure to fulfill a contract due to system downtime or lost data
  • claims of defamation, invasion of privacy, or copyright infringement as a result of exposed data
  • settlements or damages owed to injured parties
  • fines imposed by regulatory or state agencies

For businesses at risk of breaching client or customer data, both types of cyber insurance may be necessary to cover all possible expenses. A thorough risk assessment of the business can help determine the best course of action.

Denial of Coverage

Just because a business has purchased cyber insurance doesn’t mean the insurance company will pay a claim in the event of a breach. Many policies require businesses to maintain a certain level of cyber security infrastructure for a claim to be paid out or have exclusions for certain situations. The language in the policy can be broad, depending on the insurer or policy, so small business owners should thoroughly discuss what is expected and how the insurer defines the terms of all requirements and exclusions.

Some insurance companies provide a risk self-assessment to businesses before agreeing to sell the policy. If the business doesn’t maintain the standards laid out in the risk self-assessment, or if the answers provided are false or misleading—even by accident—then the insurance company can void the policy.

These exclusions have already been upheld in many cases of data breach. In 2014, Cottage Health System in California settled a class action lawsuit against them for a data breach of more than thirty thousand medical records. Their insurance company paid the $4.1 million settlement, only to later sue Cottage Health System for the money back, citing the organization’s failure to meet minimum cyber security standards and inaccurate information given on the risk self-assessment. This case is still in process.

An exclusions clause in P. F. Chang’s cyber insurance policy cost the popular Chinese restaurant chain $1.9 million after its breach of customer data, which included credit card numbers. The policy excluded any “contractual obligations” that P. F. Chang entered into with third parties. In this case the court agreed that P. F. Chang’s contract with Mastercard to pay fines in the event of a breach fell under this exclusion.

In order to ensure their policies provide the financial insurance they’re supposed to, businesses should:

  • carefully read all requirements and exclusions listed in the policy and make sure all vocabulary is clearly defined to avoid ambiguity
  • answer all risk self-assessments accurately and thoroughly, avoiding or explaining absolute questions (yes or no) whenever possible
  • invest in the level of cyber security required by the insurance company, or better
  • make sure the policy covers all the cyber attacks the business is at risk for
  • have both first- and third-party coverage, if applicable

The last thing a business needs after a cyber attack or data breach is to find out their insurance won’t help pay for the damages.

The Growing Need for Cyber Insurance

The necessity of explicit cyber insurance coverage is only becoming more prevalent. Fines issued by the Department of Health and Human Services for HIPAA Privacy and Security violations range from the tens of thousands to millions. At the same time, state and international privacy laws, like the California Consumer Privacy Act and the EU’s GDPR, are stricter and impose increased fines that raise the cost of a data breach.

No matter how secure your IT infrastructure is or how diligent your IT department or MSP is, it only takes one employee clicking on the wrong link or visiting an infected webpage for cyber criminals to invade your systems. When that happens, small businesses need the financial support cyber insurance provides to investigate the breach, recover the business, and manage the public damage. Without aid, the cost of a breach may prove too expensive for small businesses.

 

Don’t let your insurance company leave you high and dry in a crisis. Contact Anderson Technologies today to shore up your cyber security infrastructure. Call us at 314.394.3001 or email us at info@andersontech.com.

A New Browser from Microsoft

/in , , /by

Here’s what might make it worth the download.

Since Internet Explorer hit peak saturation in 2003 with 95% of market share, Microsoft has been in a bit of a browser rut. Mozilla Firefox usage hit its peak in 2009, and the other major competitor, Google Chrome, is the current favorite with 69% of market share as of December 2019. But Microsoft’s new Edge browser could stand to upset that balance.

Built on open-source Chromium (originally developed by Google for their Chrome browser, and also a base for Opera), the new Edge, released January 15, 2020, offers almost all of the benefits of Chrome, as well as a few additional features.

Initial user feedback is in, and the new Edge could be a game changer in the browser wars.

What Makes Edge Chromium Stand Out?

Speedy and Resource Efficient: Though Edge is built on the same open source code as Google Chrome, its speed is significantly faster, even with multiple active tabs. It uses less RAM than the notoriously resource-hungry Chrome. For users maximizing efficiency and speed, the new Edge could make a difference in workflow. Browsing the web shouldn’t slow down other functions, and Edge makes that absolutely clear. Even the initial setup (with a profile imported from Microsoft or another browser) is almost instantaneous.

Built-In Security: Microsoft has developed a new feature called SmartScreen to aid in protecting users from reported phishing and malware websites. The new Edge comes with SmartScreen enabled, which displays a warning when users try to navigate to dangerous sites or download suspicious files.

Privacy as a Rule: Have you ever visited a website and then been bombarded with ads for their services on every other site you visit in that session? Trackers make these remarketed ads possible, and the new Microsoft Edge is designed to block them. Trackers capture information about users and how they interact with sites. They then relay that information to the site, connect it to social media accounts, and loop in ad servers. Users can select their level of protection, but all levels also block harmful trackers, like those involved in cryptojacking. While Firefox already offers this service, Chrome does not.

With such a focus on privacy, it’s no surprise that Edge meets the new industry standard with their InPrivate windows offering the same functionality as Incognito in Chrome or Private Window in Firefox. Edge also comes with pop-ups, redirects, and ads all blocked as the default.

Compatibility: Edge offers integrations with Azure Active Directory and Office 365 by IT administrators. Granular control over updates and group policy objects customize the browser for business needs. This feature, if fully utilized, could enable users to search internal company servers through their Edge browser instead of Windows Explorer.

Extensions: In addition to the growing library of Edge-specific extensions in the Microsoft store, Edge also works smoothly with most, if not all, existing Google Chrome extensions. Users focused on privacy and security can add another layer of protection to those already built into Edge.

Applications: When run on Windows 10, the new Edge provides the option for users to run websites as apps. Once set up, these apps are accessible through the taskbar or as desktop icons, and they cut down on running multiple tabs within the browser. This feature is especially useful with sites that a user might want to keep running all day, like Twitter or a time tracking application.

 

For users tied heavily to Windows OS and other Microsoft services, Edge adds functionality without adding load time and RAM. Microsoft does warn that Chrome users who integrate with Gmail may experience some incompatibility in the new Edge landscape; however, users overwhelmingly report that this hasn’t been an issue. Ultimately, the use of one browser over another often comes down to preference, but there are no major flags that should prevent users from including Microsoft Edge among their options.

Need help choosing a browser to roll out for your employees or finding which privacy features will best enhance your work? Contact the technology experts at Anderson Technologies at 314-394-3001 or info@andersontech.com with all of your questions!

Quotables: Work from Home Securely With These 6 Best Practices for Remote Working (Small Business Bonfire)

/in , , /by

Principal Farica Chang is featured in Small Business Bonfire, a gathering place and resource for everything small business, as an expert in remote work.

Click here to read the full article!

And read our Ultimate Guide to Secure Remote Work on our blog.

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

Working from Home Due to COVID-19: Keep Your Company Data Protected

/in , , /by

Over the past weeks, we’ve worked with many of you to add or increase your work-from-home capabilities as a result of the COVID-19 pandemic. This move not only helps keep our coworkers safe but also our families and the greater community. As our team burns the midnight oil to do our part, our thoughts and prayers go out to everyone affected by this international crisis.

To better assist your work-from-home goals, please be mindful of the dangers of and best practices for remote work.

While social distancing is critical, we must also recognize the risks a remote workforce poses and be vigilant to keep our systems secure. Remote work immediately increases the vulnerability of your company’s cyber security. Suddenly, we’re no longer at one office location with multi-layered security measures in place.  Our surface of attack is exponentially spread into homes that aren’t equipped with enterprise-grade firewalls and onto personal computers that may already be compromised (studies estimate that 1/3 to 1/2 of home machines are).

COVID-19 Scams

Taking advantage of the interest and coverage of COVID-19, cyber criminals are using new tactics in their phishing and malware attacks. Fake coronavirus websites, often with legitimate information from trusted sources, are being created to spread malware. New phishing emails and clickbait links using similar messages are also spreading. Do not trust COVID-19-themed emails, even if they appear to come from governmental sources. If you receive one and think the information may be worth clicking, go instead to the organization’s website. Any official, legitimate updates will be included there.

Avoid falling victim to one of these scams. Follow basic phishing prevention as we’ve explained in our learn page and phishing quiz, and always go to official government sites for coronavirus information.

As with all phishing attempts, never open attachments or links in unsolicited emails. If you know the person who sent it, confirm with them that the email is legitimate first, preferably by means other than email as responses can be faked. When searching for coronavirus information, hover over the link before you click and make sure the URL matches the source it appears to be in search results.

Maintaining Confidentiality

Working from home presents unique challenges to the privacy of your work, but your company’s confidentiality policies and contracts remain in effect no matter where you are. This is especially important if you are subject to HIPAA or other governmental regulations. Keep up to date with all regulatory changes made to accommodate the novel coronavirus situation.

There are measures all remote workers should follow to protect the confidentiality and security of their work space while in a home environment.

  • Always lock your screens when you step away from the computer to keep curious children (or pets) from wreaking unintentional havoc.
  • Work in your own room or create a space away from other members of your household. The space should be isolated enough to avoid onlookers and to conduct work conversations without being easily overheard.
  • When using a company-owned device, keep it locked or turned off whenever you are not with it, and never allow others in your home to use it for any reason.
  • If using a personal device for work, create a separate, password-protected user profile to access company data from. Do not allow others to use this profile.
  • Keep any work papers or confidential information in a safe, preferably locked, place.

Home Network Performance

Home networks, including your internet service, are typically not as reliable as your office IT systems. With the additional load of millions of users across the nation trying to do the same things you are, you will likely face performance issues when working from home. Since home internet often isn’t as fast as your work connection, video conferencing may flake out and remote connections to your office network or devices may lag. The more people taxing your internet with activities such as online learning, streaming, gaming, or video chatting, the more likely you are to have performance issues.

Due to the increased need for high-speed internet to accommodate the sudden influx of both home-based work and schooling, some internet service providers (ISPs) are offering additional speeds for those with no or limited internet access at no extra cost. Others are removing data caps and related fees for those on fixed data plans. If you think you might qualify, contact your ISP for more information.

Home Network Security

Performance isn’t the only potential issue with a home network. Security is a big concern when connecting to the office network from home. Besides the obvious security measures such as having patched, up-to-date computers with strong anti-virus/anti-malware protections, here are a few more tips to securing your home network.

  • Update router firmware if needed.
  • Make sure Wi-Fi has WPA-2 or higher encryption with a strong password (not the default).
  • Update firmware in all IoT (Internet of Things—smart thermostats, cameras, etc.). IoT is often more vulnerable to attack and has been used to infect home networks.
  • Never use default passwords on any internet-connected device.
  • Remove or deactivate all browser extensions not necessary for work. They might seem helpful, but many have tracking embedded in them and some are vehicles for malicious code.
  • Use multi-factor authentication (MFA) whenever available.

Training & Communication

While knowing how to spot phishing and social engineering attacks is essential to network safety, that’s not the only kind of training those who work from home should receive.

Review relevant security and office policies and ensure that you know who to contact if an issue arises. What problems can be resolved by office staff or a coworker, and what problems need to go to IT experts? Work efficiency will suffer if you continually contact the wrong people to resolve your problem. Consider partnering with another team member to check in about potential suspicious activity or emails before reaching out to an IT professional. You may not be alone in experiencing an issue or threat.

 

We’re already taxing our systems and IT personnel; don’t give criminals the edge. Be even more vigilant at home. It’s easy to become relaxed in your own space, but those with malicious intent are also working overtime to capitalize on our situation.

Quotables: Is Your Workforce Suddenly Remote? Here’s What to Know About Cybersecurity (CO by U. S. Chamber of Commerce)

/in , , /by

Principal Farica Chang is featured in CO by U. S. Chamber of Commerce, a resource for everything business owners need in times of national emergency and otherwise.

Click here to read the full article!

And read our Ultimate Guide to Secure Remote Work on our blog.

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.