5 Tips for Better Cybersecurity in a Virtual First Company
With thousands of employees having to work from home, cybersecurity issues are on the rise, which means companies will have to focus on strengthening their defenses by educating their employees on the topic.
A regular user faces a different threat model than the systems built to protect sensitive data such as customers' payment information or trade secrets, and skilled attackers all over the world know it.
In their eyes, any employee operating outside a company's 'castle walls' becomes a weak link that can be misused to gain easy access to some of the most valuable data.
Most people make mistakes, so we have to stop them from falling for phishing emails, skipping 2FA, or reusing old passwords. The good news is that these weaknesses are easy to patch up, and the fixes can be built into your onboarding for new remote workers.
Spock hopes to make it easy for businesses to understand what they can implement and how it can help make those above-mentioned ‘castle walls’ impenetrable.
Here are five easy steps you can start with…
Use a Trusted Password Manager
Whether you’re trying to secure your digital life at home or work, a good password manager will be your first line of defense. Recent statistics tell us that 81% of company breaches occur as a result of weak passwords, so it’s clear businesses need to introduce trusted solutions like 1Password, Bitwarden, or KeePassXC.
Software like this can store your password database securely in the cloud, letting you generate strong and unique passwords automatically each time you create a new account.
Whenever an employee visits a website where they need a login, the password manager will autofill the username and password fields, preventing them from being captured by potential keyloggers.
Moreover, a password manager protects users from even the best phishing attacks, because autofill only offers a saved login when the site's URL matches the one the login was saved for.
It’s easier than the traditional way of writing everything down in a notebook, it syncs across multiple devices, and you can safely send login details to others using the password manager itself, so why not use it?
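As an added illustration (not code from the original post or from any of the password managers named above), the following Python sketch shows the origin-matching rule that makes autofill phishing-resistant: a saved login is only offered when the scheme and host of the current page equal the origin the credential was stored for. The vault contents and every URL are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed sample vault: key = (scheme, host) the login was saved on.
# Illustrative values only, not a real password-manager storage format.
VAULT = {
    ("https", "mail.example.com"): {
        "username": "alice@example.com",
        "password": "correct horse battery staple",
    },
}


def origin_of(url: str) -> tuple[str, str]:
    """Return (scheme, host) for a URL; host is lower-cased with port and userinfo removed."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname or "")


def credentials_for(url: str):
    """Offer a credential only if the page origin exactly equals the saved origin.

    This is why a lookalike such as mail.example.com.evil.test, a typo squat
    like mai1.example.com, a userinfo trick like mail.example.com@evil.test,
    or a plain-HTTP copy of the real site gets nothing from the manager.
    """
    return VAULT.get(origin_of(url))


if __name__ == "__main__":
    for candidate in (
        "https://mail.example.com/login?next=/inbox",
        "https://mail.example.com.evil.test/login",
        "https://mail.example.com@evil.test/login",
        "http://mail.example.com/login",
    ):
        print(candidate, "->", "filled" if credentials_for(candidate) else "no match")
```

Real managers apply more nuanced rules (for example treating subdomains of the same registrable domain as one site), but the exact-origin comparison is the core that defeats lookalike URLs, and a user who never types the password by hand has nothing to hand over on the fake page.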
Enable 2FA for All Your Accounts
Two-factor authentication combines something you have with something you know, such as a code generated locally on your phone with a password you remember.
There are three ways to do this:
- SMS verification
- TOTP (time-based one-time password)
- Hardware-based 2FA (e.g. YubiKey)
We recommend TOTP one-time passwords as they are immune to SIM-swap attacks and don’t require a costly investment like the hardware option. The two go-to apps are Aegis Authenticator on Android and Raivo OTP for iOS.
This step will save you from most hacking attempts because even if a malicious actor has your password, they won't be able to access the SMS/TOTP code you'll generate for every login as part of your 2FA.
Thanks to this, even if a handful of employees choose to reuse passwords they've had for years, their work accounts will still be kept safe because attackers will find it nearly impossible to get ahold of the 2FA codes.
Help Employees Understand Phishing
Everyone with access to anything important needs to pay special attention because modern-day hackers will employ social engineering tactics to try and get people to share details that are better kept secret.
Mostly, this will happen in the form of email phishing.
Maybe your support lead gets a message telling them they need to change their email password—the email looks convincing and falls in line with their email provider's usual branding. The only issue is that it did not come from the email provider.
Instead, it's a meticulously crafted replica sent from a fake address, designed to trick the employee into entering their “old password” for the hacker to collect.
This scenario is just one of the hundreds of potential examples, but the best way to stay safe is to double-check any emails or messages, stay away from unknown links, and verify every request for sensitive information.
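As an added example (not part of the original post), here is a small Python triage routine of the kind a mail gateway or helpdesk script could run over a suspicious message before anyone clicks. It checks the sender and Reply-To domains against the organisation's own domains and flags links whose visible text shows one host while the href points to another, which is exactly the trick in the password-reset scenario above. The two raw messages, the `.test` domains and the `OUR_DOMAINS` set are constructed samples.

```python
from __future__ import annotations

from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a lookalike "reset your password" message. The visible link
# text shows the real mail host, but the href leads somewhere else.
PHISH_EML = """\
From: "Example Mail Support" <support@example-mail-security.test>
Reply-To: helpdesk@reset-desk.test
To: lead@example.com
Subject: Action required: your email password expires today
Content-Type: text/html; charset="utf-8"

<p>Please confirm your old password here:
<a href="https://login.example-mail-security.test/reset">https://mail.example.com/reset</a></p>
"""

# Constructed sample: a legitimate internal notice for comparison.
BENIGN_EML = """\
From: IT Helpdesk <it@example.com>
To: lead@example.com
Subject: Scheduled maintenance
Content-Type: text/html; charset="utf-8"

<p>Mail will be offline tonight. Details: <a href="https://mail.example.com/status">status page</a></p>
"""

# Constructed: the domains this organisation sends mail and hosts logins from.
OUR_DOMAINS = {"example.com", "mail.example.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr_header: str) -> str:
    """Extract the lower-cased domain from a From/Reply-To header value."""
    _, addr = parseaddr(addr_header)
    return addr.rpartition("@")[2].lower()


def triage(raw: str, our_domains: set[str]) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious was spotted."""
    msg = message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    from_dom = _domain(str(msg.get("From", "")))
    if from_dom and from_dom not in our_domains:
        findings.append(f"sender domain {from_dom} is not one of ours")

    reply_dom = _domain(str(msg.get("Reply-To", "")))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")

    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")

    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if host and host not in our_domains:
            findings.append(f"link points to external host {host}")
        # Visible text that itself looks like a URL must agree with the real destination.
        if text.lower().startswith(("http://", "https://")):
            shown = (urlsplit(text).hostname or "").lower()
            if shown != host:
                findings.append(f"link text shows {shown} but href goes to {host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EML), ("benign", BENIGN_EML)):
        print(name, triage(raw, OUR_DOMAINS) or ["no findings"])
```

None of these checks proves a message is malicious on its own (partners legitimately mail from other domains), which is why the routine reports findings for a human to verify rather than blocking; that matches the advice above to double-check and verify rather than trust what a message claims about itself.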
Secure Your Emails
Whether you’re communicating with clients or sharing important information with colleagues, it’s always good to communicate securely. In a work setting, most direct messages get sent through services like Slack, which takes security very seriously, but what about emails?
As email is an old protocol, it is inherently insecure. Emails are often sent in plaintext by default, and many of the security features bolted on since feel more like temporary band-aids than definitive solutions.
There is, however, one that's worth mentioning: Pretty Good Privacy (PGP).
With PGP, only you and the email’s intended recipient can read the message, effectively eliminating the possibility of anyone capturing and reading the email on its way.
This is thanks to encryption that scrambles the words until they are decrypted locally on the recipient’s device.
The best thing? It’s compatible with any email provider and can be turned off at any time, so while you can use it internally or to impress your security-focused clients, you won’t have to bother anyone who doesn’t want to deal with the complexities of this tech.
Alternatively, try adopting a secure email service like Proton, Posteo, or Tutanota for a simpler implementation of PGP.
Host Your Own Services
If you’ve got future plans or new research to protect, you probably don’t want to see them floating around the web after your cloud storage provider suffers a data breach. To protect the hard-earned knowledge in your files—especially documents—we recommend hosting your own NextCloud server.
With NextCloud, all the storage space you include in your server is available to all employees internally. You’ll also access your own online word processor and be able to sync anything from contact lists to file updates across all your devices.
In simple terms: a self-hosted platform like this is just like Dropbox or Google Drive; the only difference is that the software is free of charge and fully under your control.
For many larger companies, self-hosting is the key to more than just cloud storage or productivity—you can use it to build anything from a mail server to a git service for all your commits!
💡 The impact on our company and our product
We’ve developed SpockOffice.com, a convenient Slack app that helps small and midsize companies with leave tracking through handy features like daily attendance notifications and custom leave types.
A key part of our company’s philosophy revolves around embracing positive change by adapting to hybrid work and helping companies manage remote workers. However, even with our optimistic outlook on the future of work, our team understands the challenges involved.
With the continued digitalization of our work life and increasing dependence on online services, we felt it was time to highlight cybersecurity as a key issue we must tackle for people to work safely in our 'new normal'.
In the future, Spock's content team will continue to shed light on a variety of things forward-thinking businesses like yours need to know to continue pushing forward.