The pervasive and continuing impact of COVID-19 on American business cannot be denied. Overnight, every business became a remote business as those sheltering in place used desktops, laptops, tablets and mobile phones to keep working. Remote workers now need to access small businesses’ sensitive customer information from anywhere, and that keeps many business owners up at night.
How can you give your employees what they need without putting your sensitive customer information and operational data at risk? Our Carmichael Consulting Solutions team recently brought together leading security partners for a webinar entitled, “Working Securely from Anywhere,” to answer that deceptively simple question.
Security experts from Carmichael, OS33, Avaya and Broad Sky cautioned small business owners to take the time to thoroughly understand and appreciate the psychological effects of the current pandemic on their employees. They pointed out that many employees and contractors are functioning at a less than optimal level. Hackers, who are well aware of the current preoccupation with social distancing, handwashing and sheltering in place, see the current environmental conditions as major motivation to step up their nefarious activities.
Many of the small business owners taking part in the call were dismayed to find that 75% of all business workers use three passwords to access all the company’s computer systems. This news, the expert panel explained, simplifies hackers’ jobs significantly. Considering it only takes a hacker four minutes to gain entry to a business system, finding a single password often gives them entry to multiple key systems. Most of the small business owners were shocked to learn that, on average, it takes 99 days or more for owners to realize they’ve been hacked. During that extended period, hackers can do so much damage to a company’s operations and reputation that many businesses are unable to recover and simply shut their doors.
In addition, the expert panel urged small business owners operating in regulated industries to understand that mandatory requirements for audit trails and secured access to company data are the same regardless of location. For example, those in financial services will find that compliance mandates are applied uniformly, which means remotely located individuals are subject to the same strict expectations and threat of fines that govern business conducted in office settings.
Beware of home machines’ operational status
This news can be alarming when you consider that the desktops, laptops, tablets and mobile phones being used to access sensitive corporate data use the same network that supports children’s and teenagers’ gaming systems, baby monitors, kitchen appliances and home security systems. All of those devices are part of the Internet of Things (IoT), and many homes have as many as 60 devices tapping into the IoT infrastructure. For that reason, it is imperative that remote workers maintain a separate, secure connection from their home Internet for each work-related device.
Many people keep older Windows 7 computers and Macs at home as backup devices. Their outdated software and unpatched security apps did not require attention because the devices were used only occasionally. However, with the onset of the COVID-19 pandemic, many of these machines have been pressed into service – putting corporate systems and data at risk.
Four-point security checklist for small business
The expert panel offered this comprehensive security checklist to small business owners managing their newly remote workforces:
- Devices: Each device needs to have updated anti-virus and firewall protection. Devices that do not comply with this directive should be remotely remediated before being used for work purposes.
- Users: All users should be required to use two-factor authentication, and no user should be allowed to synch a device being used for work to a Google account.
- Applications and Files: Only business-authorized applications should be placed on devices communicating with corporate systems, regardless of who owns the device. In addition, each employer should provide remote users with a secure way to transfer and back up files.
- Audit trails: Regulated firms are required to maintain the same evidence and compliance logs to document work performed remotely as they do for operational offices.
Small business owners also need to consider how most of their remote workers, as many as 75%, are using their mobile phones to conduct business. The majority of employees reject the idea of using a separate company-issued mobile phone for many reasons, not the least of which is user privacy. To secure mobile-dependent business communications, small business owners can work with mobile carriers to put all their communications on a single platform, providing employees with a single number. Not only does the single-number approach greatly simplify billing allocation to cost centers, it opens up an entire world of analytics that can identify and resolve calling, usage and technical issues.
It looks like the pandemic will continue with us for several months, perhaps even several quarters. Because there is no guarantee this epidemiological pattern will not repeat in the future, small business owners who take the time to secure their remote workforces now will be better prepared for the future as well.