Due to the COVID-19 pandemic, most organizations were forced to quickly adapt to conducting their business and working with others in a remote capacity. While a majority of large enterprise organizations were reasonably well equipped to handle such a sudden shift, some rushed to expand their networks and capabilities to meet the demands of employees. This often meant making compromises for the sake of expediency, and setting themselves up for a number of challenges later.

Small businesses faced even greater difficulties, as some didn’t have the tools and bandwidth readily available for such an emergency, nor did they have enough flexible capital to buy it in a timely fashion. Yet well over a year later, everyone continues to try their best, and has (for the most part) adjusted to the day-to-day new normal of working from home or in a hybrid office environment. The problem is that while organizations of all types have been busy fundamentally changing how they operate, cyber criminals have been busier than ever attempting to breach weakened defenses and take advantage of new security gaps accidentally created during the shift to remote work.

There was a 33% increase in malware attacks during the first few months of 2020, and that percentage has only gotten higher since then. Late spring and early summer of 2020 saw a 600% increase in phishing attempts, while there was a 630% increase in threats targeting cloud services. These numbers are worrisome, and a big reason why IT administrators and security professionals need to redouble their protection efforts.

Given that a security breach almost always results in lost/stolen data, disruption of business, heavy financial costs, and damage to your reputation, it remains essential to keep your network, systems and employees safe. This is especially true for small businesses. So here are a few relatively easy and somewhat inexpensive ways to help strengthen the security of small businesses throughout these uncertain times as many continue to work from home.

Use a VPN

Establishing your own Virtual Private Network (VPN) enables users to securely connect with the network, servers, and cloud services back at the office. This creates an added layer of protection for your endpoints, particularly in situations where employees are using personal devices (laptops, tablets, etc.) to conduct company business while at home. A VPN also makes it that much easier to access critical files and applications, share documents, and collaborate with co-workers.

Change Cloud Passwords Regularly

As mentioned earlier, there has been a 630% increase in attacks on cloud services over the last year, and that’s largely because so many organizations rely on the cloud to store critical data and applications. While most cloud providers have their own security that is generally strong, attackers have found the most success breaching with a stolen or hacked user password. In order to prevent this from happening, it’s important to require users to change their passwords on a relatively frequent basis. Even more important is imposing strict guidelines to ensure strong passwords. This includes a combination of upper and lower case letters, along with numbers and symbols. Also make sure all passwords are 14 characters at a minimum. The longer the password, the harder it is to crack, and the less frequently you’ll need to change it.

Use Multi-Factor Authentication

In addition to a strong and regularly changed password, enabling multi-factor authentication into your security infrastructure makes it that much harder for cyber criminals to breach your remote environments. When attempting to access a VPN, cloud, or application, users will first be asked to enter their password, and then be required to do one of the following:

• Approve a push notification to their personal device (smartphone, etc.)
• Enter a limited time code via a token or smartcard they are carrying
• Submit some type of biometric identification (fingerprint, retina scan)

This ensures that even if a password has been stolen or hacked, an attacker will not be able to gain access to sensitive areas or materials without additional approval methods. Many multi-factor authentication solutions are easy to use and relatively inexpensive for those operating with a very limited budget.

Keep Your Security Up To Date

While rushing to get every employee set up with all of the essential equipment and applications required to work from home, a few things might have fallen through the cracks. One of them could be regular updates to your security solutions. If you miss an update, you could also be missing bug and security flaw fixes that cyber criminals could use to their advantage. Staying on top of those things pays dividends in the long run, and will continue to ensure your critical assets have optimal protection for the future.

Secure All Devices and Endpoints

Yes, a VPN will give your users an extra layer of protection when they access the company network, servers, and cloud services, but there are still other back door entrances attackers can use to try and breach your systems. If remote employees are using personal devices for company business, that doesn’t prevent a malware intrusion or phishing attempt from finding its way onto that device and exploiting it to gain entry to your network. The employee may visit a malicious site by accident during their off-work hours and might not even realize it, leading to problems when they log in to work at home the next day. In lieu of providing every user with a designated work laptop and/or phone that has a whole host of security features already installed, you should require all employees to download and install strong security solutions on any personal devices that will be used to access corporate assets. This will harden your overall security posture and significantly reduce the risk of a breach through an unprotected endpoint.

These are five relatively easy and inexpensive ways to help keep your organization secure while everyone continues to work from home. Even small businesses should be able to adopt them without much difficulty. If you need to set up a VPN, deploy multi-factor authentication, and/or find security solutions for your remote workforce, please don’t hesitate to contact Fortis for more information. Our experts can provide guidance, and we even offer workshops to help uncover any weaknesses or gaps in your remote security infrastructure.