The IT challenges of remote offices
The remote office environment will be with us for some time to come due to COVID-19 restrictions.
Most of us didn't have time to develop a carefully thought-out plan for how to make the remote working environments fully compliant with safety and security standards. Most businesses were forced to convert to remote practically overnight. But we've had the better part of a year to get used to this "new reality" and we should look at what lessons we learned and how to do things better going forward.
We are all hopeful that the COVID vaccine will return us to a more normal working and living environment later this year. But in the meantime, we must do everything we can to protect our businesses and the infrastructure that supports them.
An unexpected and unwanted breach can be costly, and in some cases, deadly to a business.
The best protection is to have an infrastructure that is as impenetrable as possible. But the latest firewall protection and anti-virus software is only as good as the people who use it. Most research points to an alarming statistic -- namely, that 90% or more of successful hacks or breaches occur due to human error.
Email phishing is one of the oldest hacking techniques out there. Cyber criminals send out mass emails that appear to be from FedEx, PayPal, a bank, a subscription service or some other organization most people recognize. The email asks you to verify the account or delivery information by clicking on a special link. Once people do so and enter their login information, the hackers get access and can steal information and cripple your website.
Business owners should develop an ironclad set of policies around internet and email use, as well as provide regular, ongoing training for employees. This is especially so with remote locations where employees may have less formal guidance in what is and is not acceptable.
The policy should include key points such as:
a. No company information allowed on an employee's personal devices without specific authorization.
b. Verify everything.
c. Change email passwords at least quarterly. Avoid simple "1234" passwords, which are easily figured out.
d. For videoconferencing (Zoom, for example), make the meetings password-protected.
e. Employees should not post company news to their personal Facebook or Instagram or other social media accounts without express permission.
f. Companies should designate an individual who will be a "go-to" source for employees who have any questions about the IT policies or protocols. And encourage employees to ask questions.
g. Add a cloud-based data protection system, usually available at a reasonable monthly price, to provide additional cyber security protection.
h. Resist "free software downloads" over the internet, regardless of how appealing they may look. Every visit to an unknown site increases the risk of a breach.
i. Consider initiating two-factor authentication for access to company websites.
j. Avoid using public Wi-Fi networks at places like restaurants, coffee shops or malls. A good way around it is to use the "personal hotspot" available on your Smartphone.
Two final points: provide ongoing, regular training of employees, whether "live" or over Zoom. Have your designated person instruct people on what to watch for and what to avoid.
Have practice sessions. Consider contracting with a company that will do a vulnerability test on your infrastructure -- identify the weak points and outline corrective steps that you can take.
This all takes time and effort. But this is one of the best investments you will make. The security of your business hangs in the balance.
• Chip Miceli is CEO of Pulse Technology in Schaumburg.