As many of you are moving to have your employees work remotely in this COVID-19 environment, we want to remind you that this opens your systems to hacking. This could cause interruptions to your network and result in damage due to the loss of your data as well as that of your customers. Do not expose yourself to this liability. We encourage you to conference with your IT professional to secure your data immediately. I have copied some best practices from an article Farica Chang of Anderson Technologies wrote for the U.S. Chamber of Commerce with some basic tips. I have also included some tips relating to ZOOM group meetings which are also subject to hacking.
Best practices for creating a remote workforce:
Despite the risks, businesses can reduce the danger to a reasonable and appropriate level by employing the following cybersecurity best practices at all times:
- Use company-owned hardware, whenever possible, that is properly configured and maintained.
- Always use encryption and session locking for remote work.
- Have strong password policies in place.
- Manually configure remote workers’ computer firewalls and anti-virus/anti-malware software.
- Ensure all hardware and software is patched, even if employees use their personal computers.
- Do not allow non-work-related browser extensions on remote computers, as these can have tracking or malicious code embedded in them.
- Use multi-factor authentication. The importance of this cannot be overstated. Multi-level authentication is the best defense against compromised accounts or passwords.
- Set access privileges for all users. No employee should have access to parts of a network they don’t need for their job. This keeps any potential network penetration from spreading to the entire network.
- Never allow admin access on a user account.
- Consider having employees confirm they have proper security measures in place on personal devices prior to providing them with remote access.
Most important of all, train employees on cybersecurity basics, how to spot phishing and signs of malicious activity on their computers. Make sure they know who to contact if they suspect a problem. They are the first line of defense in keeping their computers from being compromised, so providing them the tools to stand guard keeps everyone safer.
ZOOM:
Zoom has seen a massive increase in users since the COVID-19 pandemic has forced a large number of people to stay home and turn to video meetings for work, school or social interactions. Zoom-bombing, the practice of unwanted guests intruding on video meetings for malicious purposes, is also said to have significantly increased during the pandemic.
Tips shared by the company include setting the app’s screen sharing feature to “only host” before beginning a session. Locking meetings so that no new participants can join, muting participants and disabling file transfer are also suggested as ways to block a malicious person from potentially hijacking or disrupting meetings.
Steps that the FBI recommends taking to avoid Zoom-bombing include keeping video conferences private rather than public, along with refraining from openly posting links to the conferences on social media platforms like Twitter or Facebook.
AGHL Law is here to help guide your business through this difficult and unprecedented time. If you have any questions, concerns, or need assistance in implementing new policies or reviewing the legal impact on your business due to COVID-19, please contact us at 815-265-6464 or email Attorney Greg Cox at gcox@aghllaw.com.