Ari Baranoff, Managing Partner & Founder | BlueCoat
As we quickly turn to the virtual management and leadership of our businesses and teams, several colleagues have asked me to share my thoughts on managing unforeseen risks associated with a remote workforce during this rare time in our history.
For many, running your business outside of arm's reach is a new endeavor that comes with a multitude of challenges. That said, there are a number of fundamental best practices for companies to consider when setting up employees to work from a home office.
(1) Issue Laptops – I recommend issuing your employees computers rather than having them use personal devices for work matters. Restrict staff from using social media, personal email, personal bank accounts, and similar personal services on work computers. Commingling work and personal chores could inadvertently invite an adversary to your company’s doorstep. Moreover, staff are more likely to think about operational security when it comes to a company-issued computer, thus avoiding phishing and fraud attempts. Companies must have the ability to remotely wipe the machine clean of any proprietary information in the rare circumstance that the device is lost, stolen, or compromised, or the employee is found to be engaging in inappropriate conduct.
(2) VPN and Strong Passphrase Management – There are several VPN services available for a nominal cost that provide an encrypted tunnel to protect your communication. It goes without saying at this point that a strong passphrase (20 characters minimum) or random passwords from a “Password Generator” are better options. Of course, always remember to change the default passwords assigned to you by hardware and software providers, ISPs, etc.
(3) WiFi – The preference for WiFi would be to use your home WiFi (plus VPN) or a personal mobile hotspot (e.g., Verizon Jetpack). Generally, publicly available free WiFi access points lack the level of security required to protect your communications.
(4) Multi-Factor Authentication – Years ago, while leading the cyber investigative mission at the Secret Service, I emphasized the importance of multi-factor authentication as one of the best mechanisms for challenging an adversary. The same stands today, and there are many more opportunities to adopt this safety feature. This is a simple and effective must for business. Think concentric rings of security: something you know + something you have + something you are.
(5) General Cyber Hygiene:
a. Auto-lock machines when idle.
b. When practical, use a private space free of recording devices (video, smart speakers, etc.).
c. Use a strong passphrase for opening and logging onto your device.
d. Avoid the use of removable media.
e. Encrypt or password-protect all sensitive files being transferred or stored electronically. Most Microsoft and Adobe products offer this ability.
f. Avoid requesting invoice payments or providing payment instructions via email. Adopt a policy that requires confirmation of financial transactions the old-fashioned way – call first. Business Email Compromise, also known as “BEC” fraud, is a billion-dollar industry and growing.
There are many more ways to protect your virtual infrastructure, but at a minimum, incorporating some of the above recommendations for the remote workforce supports resilience. Most of all, convey a sense of trust to the staff – an empowered team is a productive one.