Small businesses have been forced to adapt rapidly to this new working reality – and one of the key business challenges is maintaining cybersecurity while every employee works from home.
Many small companies could support occasional remote working, but very few were set up to enable all employees to work from home, all of the time. Moreover, the sheer speed of the change left IT teams little time to plan.
Maintaining security in this unprecedented environment is a daunting prospect – and all of this comes at a time when revenues may have been severely limited by the outbreak.
But by focusing on the basics and staying positive, you can establish and maintain a secure way for employees to work from home.
The coronavirus security challenge
The COVID-19 outbreak represents an unparalleled security challenge for IT teams. But unfortunately, malicious actors are also taking advantage of the situation to target victims with cyberattacks.
Our threat intelligence team, Cisco Talos, has found multiple malware families being distributed with coronavirus lures and themes. Recipients are invited to click on links or open attachments relating to the disease, unfortunately an effective approach due to the sheer volume of legitimate emails on this topic.
Maintaining security in the face of these attacks is also problematic because small businesses might not have the infrastructure in place to support continuous remote working.
Only 31% of SMBs use a virtual private network (VPN), 24% use multifactor authentication (MFA), 27% use end-point security and 29% use cloud threat protection, according to a recent survey.
These relatively low levels of uptake aren’t aligned with the realities of modern-day threats. Four fifths of breaches involve compromised credentials (81%) and 52% of small businesses believe that mobile devices are challenging to defend.
IT managers must contend with this new security landscape while dramatically increasing support for remote workers, potentially without dedicated cybersecurity staff.
But there are steps you can take quickly to put a first line of defence in place – and help is available to make it happen.
Establishing and maintaining a secure network
When speed is of the essence, it’s critical to focus on the basics.
1) Protect workers from malicious internet destinations, either on-net or off-net
Ensure you have a first line of defence against threats on the internet wherever users go, to stop threats coming through in the first place. Cloud-delivered services are available that provide secure access to the internet and usage of cloud apps everywhere.
At the same time, remind employees to be vigilant and stay sceptical about emails on the pandemic to support your efforts.
2) Provide remote access to corporate resources from remote locations
Limiting access to critical data and applications will help to protect the business – and not every employee will need every resource. After you have identified who needs what, implement a virtual private network (VPN) to enable secure access to the business network for employees on any device and in any location.
3) Verify user identities and establish device trust
As mentioned above, 81% of breaches involve compromised credentials. Ensure that you can verify the identity of all users before granting them access to corporate applications. Multi-factor authentication protects your applications by using a second source of validation, to verify user identity before granting access. This process can be made very simple for employees, such as a push message sent to mobiles for them to tick, and it will ensure that all users are genuine.
4) Don’t try to create a lockdown environment
Don’t feel that you have to lock everything down. This can make it too difficult for employees to do their jobs. Remember, the first layer of defence can easily and quickly be put in place – to keep people working safely without too many hindrances.
5) Don’t feel overwhelmed
We’re all facing an environment that’s extremely challenging right now. But you’re not alone, and it might be worth considering outsourcing or engaging partner support. Technology providers like the team here at Cisco are offering free or expanded licenses to help businesses with their security and collaboration needs in this critical time. Many of these services can be cloud-delivered, so no one will need to set up the infrastructure in the office.
Easing the pressure
As an IT manager, you might – very understandably – feel under a lot of pressure right now. But while security is important, it doesn’t have to become a huge, overwhelming project. Start with simple, cloud-based security solutions and you’ll quickly be in a strong position.
Use collaboration tools to ensure you can work on projects together with others. Using effective video conferencing platforms, with screensharing and virtual whiteboards, can allow you to collaborate as effectively as if you were in the office.
Remember to take care of yourself. Stay in touch with the teams that you’re supporting and share your experiences – not only about IT, but every part of your day. Small businesses especially can be used to much more personal contact in the office every day, and now that’s on hold it’s important to maintain the bond.
And of course, be patient with your colleagues. Whether it’s coping with children or animals in the house or caring for others, we’re all working in circumstances that we didn’t choose or anticipate. Being flexible will help everyone to stay positive.
These are unprecedented times, but we’re all in this together. And by putting basic protections in place, drawing on the support offered by security partners and easing the pressure on yourself, you can make sure that security isn’t just another thing to worry about.
Check out more tips from Tech Connection on maintaining security as a small business. You can also learn more about small business security solutions that can limit threats, not your business and how Cisco is helping to support small businesses to recover from the economic impact of the global pandemic.