For most small and mid-sized businesses (SMBs), struggling with shrinking budgets, cybersecurity strategy ends with firewalls and endpoint anti-malware software. But that’s not enough for today’s high-risk environment. Months into remote work, many SMBs are still unprepared for secure remote work, writes Daniel Eliot, Director of Education and Strategic Initiatives at National Cybersecurity Alliance. As part of Cybersecurity Awareness month, Eliot discusses how small businesses that were caught off guard can adapt to evolving threat environments.Â
The pandemic caught everyone by surprise and escalated at a rate many businesses were unable to keep up with. Although everyone struggled, large organizations had the resources to shift their employees to a remote setting and continue operations as normal as possible. However, small and mid-sized businesses (SMBs) were not prepared for the sudden shift and struggled to keep up with large-scale remote work migration.Â
Not only did this create issues for how these businesses operated and generated profit, but it created countless security holes within organizations. For example, in mid-April, at the height of the pandemic, 46% Opens a new window of SMBs planned to defer or cut their investments in software.Â
These organizations should be moving in the opposite direction, investing in more software and technology that can be used to protect their employees from cyber threats. With remote work remaining a part of the â€˜new normal’ moving forward, SMBs need to be prepared with proper security protocols.Â
Learn More: A CTO’s View on the Future of SOAR
SMBs Caught Off Guard â€“ The Root of the Problem
After the pandemic universally upended the way countless industries and organizations operate around the globe, business leaders had to adapt to a new concept of â€˜normalcy’. Coupled with the breakneck speeds at which the shift to distributed workforces occurred, most organizations didn’t have time to acclimate their IT teams, educate their employees or provide them with safe hardware and software solutions to do their jobs without creating an expansive cyber threat environment in the process. The resulting remote work infrastructures left millions to perform their daily tasks using insecure personal devices and networks to access sensitive information.Â
Businesses scrambled to integrate VPNs and remote desktop services to allow employees to work efficiently. And without the proper guidelines or best practices for approved software solutions, most were left to their own devices when it came to using collaboration tools, file-sharing platforms, and other digital solutions to create a more efficient work-from-home environment.Â
However, these tools exacerbated the potential for outsider data theft, especially because most personal devices lack sufficient firewalls, encryption, and network protections that are typically found inside corporate networks â€” ultimately allowing bad actors much easier access to organizations’ data.
The rise of video conference services like Zoom was also slow to adapt to the massive growth in remote employees, leaving a sizable amount of video conference sessions open to uninvited attendees (dubbed â€œZoom Bombersâ€). For example, former California governor Arnold Schwarzenegger was recently Zoom BombedOpens a new window during a call about redistricting, showing this is still a problem months after the pandemic began. Eventually, Zoom managed to create more robust protection measures and overhauled their encryption measuresOpens a new window , granting them to all levels of users (free, paid, etc.).Â
Considering video conferencing will remain a staple of distributed workforces moving forward, along with its general ubiquity as a primary conferencing solution thanks to the pandemic, Zoom’s is an interesting and informed case study in the pitfalls associated with mass adoption. While its response is a lesson for online collaboration tools across the board, a message that remote work is the new normal and with millions of people worldwide depending on these tools, a lapse in protection measures could be catastrophic.
There’s plenty of speculation around what the new normal will be for businesses, but one thing is clear, remote work is here to stay. Even with offices beginning to reopen, a large chunk of employees will opt to work remotelyOpens a new window due to health concerns and companies realizing work-from-home policies are an efficient, productive way to operate their businesses in a post-COVID world.Â
However, because not every business was adequately prepared for a sudden shift to remote work, respective IT teams likely never had a chance to prepare or brief respective workforces on best practices for keeping themselves, as well as their organization’s data safe.Â
The below guidelines, however, can help mitigate the threat vectors that remote workers face on a daily basis:
- Ensure home networks are secure/password protected and use a VPN to connect to work servers
- Separate your network so your company devices are on their own WiFi network, and your personal devices are on their own
- Always update devices and software when available
- Keep devices with you at all times or store them in a secure location when not in use
- If payment card information is being collected, ensure the information isn’t being written down but entered directly into a secure point of sale system
- If workers have a device provided by the employer, limit the use/access strictly for work. Don’t use the device for personal use
- Follow basic security hygiene like creating strong passwords and keeping an eye out for the influx of scams related to coronavirusÂ
Businesses should not only establish security policies for remote working, but also train workers on these policies. The current environment prohibits routine IT visits or requests to fix issues and maintain cybersecurity hygiene.Â By ensuring all workers have a basic education on the vulnerabilities their organization faces, employees are better equipped to collectively do their part. Moving forward, it’s imperative SMBs, IT professionals and their employees work together to create a work environment where cybersecurity initiatives remain a top concern at all times.