In March 2020, the British Government, like many others worldwide, made the transition into a period of ‘lockdown’ designed to mitigate the impact of the novel coronavirus, COVID-19. Following the lead of other nations, people in Britain were told to minimise non-essential travel, stay at home, and work from there if possible. As Fifty Five and Five completed our own transition to all-remote working, we witnessed businesses and employees all over London making their own arrangements. Our head office is located in the heart of the UK’s capital, and on that busy evening we saw countless city workers on their way home with the familiar laptop bags but also monitors, keyboards, and many folders of documents. Practically overnight, the home office became the office. In their scramble to set up a coronavirus lockdown home office, workers are keen to make sure they can reach all the vital business data they need. However, are they neglecting security in this rush for access? With that in mind, take a look at our top 5 tips for cybersecurity during COVID-19.
1. Stick to password best practices and do testing
The longer and more complex your password is, the harder it is to guess or crack. When you create a new password or change an existing one, password managers such as LastPass (our favourite) or Google Password Manager will generate a lengthy random password containing a combination of different letters (capitalised and lowercase) as well as numbers and special characters.
What’s more, these password managers will even audit the security of all your passwords for you. They’ll investigate and notify you of any low-complexity bad apples in the barrel and whether you’ve duplicated the same password across multiple accounts. Just make sure that you have a strong password for the password manager itself – it’s the key to your entire kingdom, after all.
2. Set up two-factor authentication
Also known as 2FA, two-factor authentication means having an extra step of security. So, as well as entering their password, a user will have to authenticate their identity in another way – for instance entering a code they’ve received or clicking on a link in their emails. It’s a powerful, fundamental tool in enabling secure remote working.
You and your users have probably already encountered 2FA during password recovery or when signing up for a service. It’s common to receive a PIN number via text message to enter for second-step authentication, as it’s less likely an intruder will have knowledge of your password and access to your mobile device. Implement two-step authentication wherever you can and encourage your personnel to set it up and use it, too.
3. Guard against shadow IT
‘What is shadow IT?’, you may be asking. Simply put, it’s software or hardware that’s being used within your organisation for business but hasn’t been authorised by system administrators. They may not even know about it. It’s just lurking in the shadows, posing a risk from security flaws, malware and simply being outside your scope of control.
Administrators can help to ensure that authorised software is installed or accessible for your users, and that running or installing unauthorised software is blocked. Restrictions can be applied even if it exists in the cloud, where much of today’s software-as-a-service lives. If you allow employees to use their personal laptops or other devices for work, consider making this conditional on whether they agree to use company-sanctioned solutions. At the end of the day, secure remote working comes first.
4. Ensure devices are protected with antivirus
This may seem obvious – who doesn’t use antivirus in 2020? – but it’s still important to remember to use your antivirus solution effectively. For instance, all personnel should be using the same solution, whether that’s Kaspersky, AVG or trusty old Windows Defender. Just like any other kind of process, when security processes are standardised, they’re easier to manage – an old universal truth of system administration. As explained earlier, this is no time for shadow IT.
Make sure your antivirus software and its virus definitions database are kept up to date. If you can, ensure that they can only be switched off by an administrator. And if, for whatever reason, your staff need to switch off the antivirus software temporarily, or set an exception, they should consult IT staff. Protocols and security standards like these should be kept high at all times, not just for cybersecurity during COVID-19.
5. Keep apps and operating systems up to date
As well as keeping your antivirus solution up to date, it’s important to keep all your other software updated, too. Out-of-date software can hide a multitude of unpatched security holes and bugs. That goes for your operating system as well as the applications that run on it.
If your IT staff aren’t already doing so, they should consider auditing how up to date your software is, to get an idea of what and where the weak spots are. Depending on your systems, they may even be able to roll out updates remotely across all your business devices. Just like there’s no such thing as being ‘too secure’, there’s no such thing as ‘too up to date’.
Confident of your cybersecurity during COVID-19?
We hope our tips for secure remote working in the coronavirus crisis have been useful. When you’re confident that you’ve done everything you can to secure your systems and protect your data, that’s one less thing to worry about. Perhaps that’s one of the most important benefits of staying secure right now.
Want to make security a selling-point?
If you’re confident your security makes your business look good to prospective customers, Fifty Five and Five can help you tell that story.