Small business owners have had a lot to worry about over the past month and a half. Retail shops and restaurants have been forcibly closed by executive order. Teachers, coaches, lawyers and accountants have all moved online. Even happy hours are now virtual. Telemedicine, virtual classrooms, and video conferencing are all here to stay. Every business has been moved to a remote home office.
With all this focus on digitization, adaptation and survival, it’s equally important to ensure the new processes and technologies you’re using at your home-based office don’t introduce new and unnecessary risks. Let’s face it, your employees need to access your business software and files from home in order to do their jobs. Your teams need chat and collaboration tools to be able to work from home on projects and coordinate with customers. Brick and mortar stores need eCommerce sites to stay afloat and generate cash. But if hastily implemented and poorly secured, these great technology assets can quickly become a liability for your small business.
What to do in the short – and longer – term
Here are a few things every small business owner should take stock of right now.
Limit use of personal computers & devices
While many employees may have work laptops they use at their remote home office, it’s likely you’ll see more personal devices accessing business data. This could be an employee drafting an important sales proposal on their home PC (which may also be shared with their teenage kids), or be something as innocent as using a personal phone to make business calls. Every time you have business data that leaves your network or being stored or processed on potentially insecure devices, you’re increasing your risk of a data breach, theft, or loss. This is especially important if you deal with sensitive personally identifiable information (SPII) or are subject to industry or contractual confidentiality requirements. Securing your home office is a top priority project.
Keep software secure and up-to-date
Ensure that all machines being used to handle business data remotely are protected with the latest security patches and antivirus software. Windows releases major security updates on the second and sometimes fourth Tuesday of each month. The maker of your business software will have their own schedule. You can check their website to see if you’re on the latest version, or usually go to the About menu in your program to either turn on “Automatic Updates” or do a manual “Check for Updates”. Most anti-virus programs require updated virus signature files in order to detect and block the latest threats. Make sure yours is running and set to auto-update.
Enable multi-factor authentication (MFA)
If you use a lot of online business software (software-as-a-service or cloud software) and you’re serious about improving security, turning on MFA is probably the single best thing you can do. The majority of cyber attacks start with a compromised password. MFA ensures that in addition to a valid username and password, you need the matching Authentication Code for the account in order to login. This code changes every 45-60 seconds. Not every SaaS solution supports MFA, but if it’s an available option in your Admin settings, you should definitely turn it on.
Beef up your home network security
Now more than ever, remote and home-based workers must be diligent about what types of systems are on their home network that could become an attack vector for a cybersecurity threat. If you have connected devices such as online security cameras, smart speakers, smart appliances, smart TVs, connected printers, or home automation, you may already be at risk. A properly configured smart firewall can help prevent attacks by blocking any internet traffic using non-standard communication ports, or going to/from a list of known “bad” IP addresses.
Remember that humans are the weakest security link
All members of the household need to be trained on good security practices. This includes how to avoid falling victim to an email phishing or ransomware attack, paying close attention to unusual or unexpected email attachments, never clicking links in emails, and avoiding “clickbait” ads on webpages. Kids and members of the household who are not actively working from home may be especially vulnerable to these attacks if they’ve had no previous training or experience with good cybersecurity practices. An infection on your teenager’s iPad can easily spread through your network and compromise your work laptop.
Secure and control your data
Whether your employees work from home with paper files or everything is digital, it’s important to retain central visibility and control of business data wherever it resides. Where possible, employees should continue to use company approved secure data storage solutions, even while working from their home office. If you don’t have a company VPN and they can’t access company shared drives when they’re away from the office, now may be the time to invest in a business subscription to a popular cloud or file-sharing network like Microsoft 365.
Backup your business data
With people and data in disparate locations, and remote work happening on computers and devices with varying levels of security and quality, it’s more important than ever to have a solid, business backup plan. If an employee’s laptop died or got hacked, it could easily take 3 times longer than normal to get an IT person out to their home office to fix their computer and restore their data. With a recent data backup, they can get back to work in minutes, and you avoid days or weeks of hassle and downtime.
This country would grind to a halt without the products and services that Main Street small business owners provide. In these difficult times, when small business owners across the country are struggling to stay alive – and looking for ways to pivot and thrive – the last thing they need is to face a security or IT related setback. These simple work from home tips can help you avoid potential landmines that could put your business and home office at further risk.
If you have questions on any of the recommendations above, I invite you to call me at 561-747-6880 or reach out via email. For anyone who needs or wants it, I am also making available 100 individual data backup plans (1 PC, 100GB of data) for free during this pandemic.
Cathy Miron is the CEO of eSilo, a Jupiter, FL based business data backup and data protection company, that serves small businesses and non-profit organizations. She is a certified small business mentor with SCORE, and a Board Member of the Palm Beach Tech Association, a 503(c)(6) organization.