8 security tips you and your employees should follow daily

Author
Michael Davis
Contributing writer, BILL

As remote work appears to be the new norm, it is important to practice safe cyber security measures in your home office too.

We want to walk through 8 simple steps to keep your employee and company data safe from online attacks.

8 WFH cyber security tips to keep your company safe

  1. Change passwords regularly
  2. Secure your home network
  3. Use a VPN connection while working
  4. Do not open unknown emails
  5. Update software regularly
  6. Use multi-factor identification
  7. Use work devices for work purposes
  8. Create a remote employee work policy

1. Change passwords regularly

Last year, the largest data breach to date exposed over 770 million email addresses and passwords. Unfortunately, these breaches are becoming more common.

Part of the problem is that people have been trained to follow bad practices for setting passwords, and they, frankly, don’t know any better. Guessing passwords is one of the easiest ways for hackers to gain access to business information.

Alarmingly, 59% of people use the same password for everything and 35% don’t ever change their passwords. Businesses need to train their employees to use a different password for every login they have. This used to be impossible (because who can remember over 100 passwords?), but now, software like 1Password or LastPass makes it easy. Even your Chrome browser will suggest and store secure passwords for you.

Implement a policy that your employees use a password vault like these. You can also set up timers on login-required software that force employees to change their passwords often. Best practices currently recommend long passwords (over 12 characters in length) rather than overly complicated character passwords.

Following password best practices is the easiest way to prevent cyber security problems. Make sure your passwords are secure to keep your business safe.

2. Secure home networks

With so many employees working from home, you’ll need to make sure your employees know how to secure their home Wi-Fi connections.

Start with the basics by having them set a secure password (see above) on their router. One study shows that 69% of people don’t change the default password on their router. Don’t let your employees fall into this trap. It takes less than a minute to change your Wi-Fi router’s password, and doing so can tremendously boost your security.

Next, instruct employees to monitor all devices accessing their Wi-Fi—the same study found that 70% of people have never checked the saved devices connected to their Wi-Fi. Most internet providers make this easy to do. If you download the app or log in to your account, you can see a list of exactly who or what is on your Wi-Fi.

Finally, suggest that they create a separate Wi-Fi network for work and personal use. It’s not too complicated to configure multiple networks on one router; employees should be able to contact their wireless providers for step-by-step instructions. If someone hacks into the Wi-Fi account they can then access all devices connected to that particular Wi-Fi network.

By following these steps they can stop hackers from trying to monitor their usage and block them from easily getting access.

3. Use a VPN connection while working

A VPN, or Virtual Private Network, is an application that encrypts internet browsing to help protect the user. Globally, 26% of internet users have used a VPN previously and many companies offer them for work outside the office. In fact, 400 million businesses and direct consumers use VPNs worldwide.

There are many different VPNs you can institute for employee use. They encrypt data and make sure your employee’s IP address is hidden, boosting their cyber security. Employees can access VPNs on their laptop or mobile phone, which is important as they work from offices other than the main office building.

4. Do not open unknown emails

Verizon Data Breach Investigations stated that 32% of breaches involve phishing. A phishing email is a type of scam from an unsecure source pretending to be a trusted individual, such as a bill collector or even a CEO. Email scammers of this sort will try to lure sensitive data out of your employees—things like critical names, financial log-ins, or other sensitive information.

While you may have trained employees to watch out for phishing emails previously, you will need to offer even more reminders in these uncertain times. Not only are scammers increasing the number of attacks, but employees are also falling prey to “urgent” messages because they don’t seem as out of the ordinary right now. In fact, the click rate on phishing emails has risen from less than 5 percent to over 40 percent in the current crisis (according to Karl Sigler, senior security research manager of SpiderLabs at Trustwave).

Your employees can prevent phishing attacks from cyber criminals by verifying who the correspondence is coming from (the sender name and sender email address match) and that the email is coming from a valid email address (this is a key indicator). As a rule, train employees never to click on any in-email links from suspicious senders.

Scams are always on the rise. Be aware of the different types impacting businesses right now and learn how to identify these scams and protect your business before you fall victim.

5. Update software regularly

Software updates are a quick and easy way to prevent unwanted hackers from accessing your employees’ data. When you update software it can fix any security flaws that previously existed, ensuring your data stays safe.

To make sure your business stays safe, have your employees turn on automatic software updates on their devices and report anything that doesn’t work correctly or appears suspicious to your security or IT departments when issues first arise. A few minutes can save your employees and company a lot of hassle.

In the Equifax data breach of 2017 there was a software update available a couple months prior to the breach that would have fixed the bug that allowed the hackers to get in and access data.

6. Use multi-factor identification

Multi-factor identification or authentication, MFI or MFA, requires employees to provide at least two forms of verification before accessing whatever data they’re trying to enter. Forms of identification may include tokens, fingerprints, passwords, and codes that are sent to their registered email addresses or phone numbers.

Although it may feel time consuming to put in a little extra information, Google says this cyber security measure will block 100% of automated attacks.

MFA is effective because a hacker must access more than one device and likely doesn’t have that information readily available (phone, verified email account, etc.). These verification devices tend to be trusted devices, meaning they’ve been verified by the correct party previously. Multi-factor authentication is free and available on commonly used products like Gmail, Facebook, Twitter, Microsoft and Apple. You should require employees to use MFA on any business platform that requires a login, if available.

7. Use work devices for work purposes

Most employers provide team members with work devices in order to better secure their systems. However, with a transition to remote work, it’s highly likely that your employees will want to use home computers, monitors, and other devices in order to upgrade their work stations.

Unfortunately, BYOD policies can open up your company to unexpected risks. You’d be better off allowing employees to bring equipment home through a formal check-out process. Employees will perform better if they have the equipment they need and you’ll be more confident that sensitive information is safe.

It’s also a good practice to train your employees on what activities they can perform on their work devices and what activities should stay on their personal devices. For example, many companies encourage employees not to store personal passwords on company laptops. Other best practices include keeping work and personal browsing separate and requiring access to all work data through secure sources verified by the organization.

8. Create a remote work policy

Having a remote work policy your employees can reference will help keep your cyber security strong throughout your organization. Hopefully, you built in this policy as soon as you transitioned to WFH, but it’s not too late to provide clear guidance to your teams.

In addition to remote work policies for cyber security, you should also set clear expectations related to WFH culture. Keep a pulse on employees’ feelings and expectations by sending out regular surveys and creating an open-door policy via email, phone, or instant communication. It’s important that employees who work remotely understand they still have an HR team they can talk to and that they feel comfortable doing so.

Safety for your employees and your data

Take advantage of the security features your employees can access and teach them best practices for passwords. Encourage multi-factor identification and have them set their computers to automatically update. Taking simple preventative measures like these will save your company money and prevent unnecessary headaches in the long run.

Author
Michael Davis
Contributing writer, BILL
Michael specializes in helping businesses optimize financial operations by staying up-to-date with industry trends and translating insights into real-world applications. With expertise in AP, cash flow, and fintech, Michael breaks down complex topics to help businesses continue to grow.
The information provided on this page does not, and is not intended to constitute legal or financial advice and is for general informational purposes only. The content is provided "as-is"; no representations are made that the content is error free.