Thanks to the curse of the Coronavirus pandemic, millions of us have had a taste of remote working at home. And it looks like many of us in small businesses here in London and elsewhere might not be returning to ‘work as we know it,’ even after the threat of Covid-19 has receded. Research by Gartner amongst some 230 HR leaders in April showed that over 81% of employees were working remotely and that two-fifths (41%) of employees are likely to continue to work outside the office at least some of the time, post-pandemic. Therefore, the question on many a small business leader’s mind is: ‘How can we secure our home office for remote working?’
In this series of four articles, we’re looking at ways you can keep your small business IT infrastructure, IP, data and confidential information safe and secure while your people work remotely. You’ll remember that our aim is to help your home workers benefit from the kind of cybersecurity protection they take for granted when in the office via tools, tips and best practices you can implement quickly, simply and cost effectively.
This third post focuses on the need to develop strong passwords – we recommend using a password management tool for this purpose – and why you should not only limit administrator rights but move them to a separate account, too.
So, here’s the third part of our ‘How can we secure our home office for remote working?’ series.
For this third article in our four-part home office security checklist series, we’re going to tell you more about the advantages of having sound password management and administrator rights policies in your cybersecurity armoury. Below we discuss:
- Home office security checklist for remote workers
- Why you should develop strong passwords
- How to make your password life easier with a password manager
- Double your defensive strength with Two-Factor Authentication
- How limiting local administrator rights delivers a defensive difference
- What to do next?
Home office security checklist for remote workers
Here’s our complete home office security checklist for your remotely working team; you’ll recall we’ve covered items 1 to 4 in our two previous posts.
- Securing your Wi-Fi and Internet (covered in Part 1)
- Protect Internet browsing with a DNS provider (covered in Part 1)
- Update your operating system to the latest version (covered in Part 2)
- Install and use the latest antivirus/malware protection (covered in Part 2)
- Develop strong passwords and use a password management tool
- Move administrator rights to a separate account
- Use Cloud backup
Why you should develop strong passwords
Passwords are the bane of modern life, aren’t they? But they are also the foundation of an effective and efficient cybersecurity regime, whether your people are working at home or in the office. And the most secure passwords are long, include special characters, are not used and re-used for different accounts and do not include personal information. Which all means they are difficult, if not impossible, to remember.
First things first – always follow this password best practice:
- Generate and use a different and secure password for each online account.
- Create a random two to four word phrase that does not include any elements from your name, organisation, address or any information associated with you, such as your date of birth.
- Include upper and lowercase letters, punctuation, a number and have a minimum of 14 characters.
- Change your password every time you’re prompted by your online account.
- Never store your password list in the Cloud, such as on Google Docs or Dropbox.
- Make sure your team knows how to implement this essential password best practice advice.
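The rules above, turned into a passphrase generator and a checker you could run over a candidate password. This is an added example, not part of the original article; the word list, function names and sample personal details are constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample word list. A real generator should draw from a list of
# several thousand words so the phrase is much harder to guess.
WORDS = ["copper", "lantern", "orbit", "velvet", "harbour", "pickle",
         "glacier", "tundra", "saddle", "marble", "cactus", "whistle"]
PUNCT = "!?-_.:;@#%&*"

def generate_passphrase(words=WORDS, n_words=3, min_len=14):
    """Random two-to-four word phrase with mixed case, a number, punctuation."""
    if not 2 <= n_words <= 4:
        raise ValueError("the checklist asks for two to four words")
    while True:
        # secrets uses the OS random source; random.choice is not suitable.
        chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
        sep = secrets.choice(PUNCT)
        phrase = sep.join(chosen) + sep + str(secrets.randbelow(90) + 10)
        if len(phrase) >= min_len:
            return phrase

def check_password(pw, personal=(), min_len=14):
    """Return the checklist rules a password breaks (empty list = pass)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    folded = pw.casefold()
    for item in personal:
        # Split "Jane Smith" or "12/03/1985" into parts; ignore tiny fragments.
        for token in re.split(r"[^a-z0-9]+", item.casefold()):
            if len(token) >= 3 and token in folded:
                problems.append(f"contains personal detail: {token}")
    return problems

if __name__ == "__main__":
    print(generate_passphrase())
    print(check_password("Smith1985!", personal=("Jane Smith", "12/03/1985")))
```

Pass each person's own name, organisation, address and date of birth as `personal` so the checker can flag passwords built from them.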
How to make your password life easier with a password manager
Password management tools can help you and your team to create, share, manage and remember secure passwords for your online accounts, applications and so on. Effective and free password management tools include LastPass and xkpasswd, both of which enable you to generate, encrypt, administer and store strong passwords. And the good news is that you all only need to remember one ‘master’ password to access all the others!
Double your defensive strength with Two-Factor Authentication
By enabling two-factor authentication (2FA) whenever you get the chance, especially for your mailboxes and financial accounts, you benefit from a lot of extra protection for a little inconvenience.
Two-factor authentication means you and your team have to provide additional information, over and above the usual username and password, to gain access to your accounts and applications. This is usually something only the user would know or have at hand, such as a mobile phone number or an alternative e-mail address.
How limiting local administrator rights delivers a defensive difference
If you don’t limit local administrator rights (LAR) or move them to a separate account, it can create vulnerabilities for your IT. This is because LAR gives your people the ability to install software, change configuration settings or shut off your system’s security controls (including password or anti-malware defences) without permission or knowing the risks of doing so.
This can expose your small business and IT infrastructure to all sorts of potential hacks and scams – such as phishing and malware attacks – via one of your team inadvertently clicking on a malicious link or opening an infected email that then runs malicious code.
So IT best practice dictates that only those employees who absolutely need LAR (such as your IT administrator) should be given them, and then they should use a separate account, username and password from the rest of the team to undertake their IT role.
What to do next?
We’ll be back soon with part 4, the last post in our home office security checklist for your remote workers.
In the meantime, if you manage a small to medium-sized business in London and would like to find out more about cybersecurity for your remote workers, please feel free to call the award and accolade-winning, go-to IT support team for London here at totality services for a confidential, no-obligation chat about your requirements.