The entrepreneur’s guide to “work from home cyber-security”

Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email technology@amaxra.com or chat with us on this website to find out more.

Technology improvements in near-ubiquitous broadband, mobile devices, and collaboration software over the past few years have made working from home easier than ever. It’s a stroke of luck cloud-based collaboration technologies such as Microsoft Teams are readily available during the global pandemic lockdowns that necessitated so many “work from home” (WFH) policies for companies. But WFH scenarios unfortunately create serious cyber-security problems for remote workers; problems that must be addressed given the prevalence of employees working from home.

Even as entrepreneurs transition to a “new normal” of work from home policies, they must increase their vigilance against cyberattacks. Amaxra has blogged about how perimeter-based cybersecurity defenses are ineffective for cloud-first businesses and the issue gets worse for remote employees. Entrepreneurs thinking strategically about post-pandemic WFH policies must also be thinking about improving cyber-security for those employees. As uncomfortable as the conversation around budgeting for that cyber-security is, especially in shaking economic times for many small-to-midsized businesses (SMBs), business leaders have to discuss their WFH cyber-security options. This is because SMBs are attractive to online criminals.

Hackers know SMBs typically have lower IT budgets and weaker cyber-security measures in place. Recent stats pointed to SMBs that spend less than $500 annually on cyber-security as the targets of almost 50% of all cyberattacks. Given the high costs related to both your IT department patching the cyber-security hole at your business and the cost of downtime, legal penalties (if personally-identifiable customer or employee data is lost), and damage to your trusted corporate brand, cyber-security is definitely not what you should skimp on when it comes to budget planning.

However, good cyber-security practices also do not have to break the bank. Amaxra’s team of cyber-security experts have outlined three best practices for SMBs to shore up their work from home cyber-security policies. And for those organizations with Microsoft 365 Business and Microsoft Teams, many of these cyber-security best practices are free to implement:

1. Enable secure management of devices and applications used for remote work

Short of providing everyone in your organization with a company-issued device configured to your IT department’s cyber-security protection standards, you’re going to have to let your employees use their personal devices to work from home. A “bring your own device” (BYOD) policy of allowing employees to use their personal smartphones, tablets, and laptops to access files and programs for work is here to stay. But without providing some ability for the employer to police the use of those employee devices whilst keeping the employee’s personal data and files separate, the risk of a cyberattack that steals valuable corporate data off an employee-owned device is extremely high.

Accessing corporate email from an iPhone can seem like a relatively low risk policy. But think about the personal iMac that your employee is using to work from home. What if that iMac is accessing your cloud-based corporate assets without antivirus, isn’t using the latest OS, and is connected to a home internet router without good firewall protections? Without enabling secure remote management of the personal devices your employees use, you are putting sensitive company data at risk of exposure when that device or application is compromised.

Organizations with Microsoft 365 Business Premium can easily configure a BYOD security policy that delineates between corporate data access and personal data privacy. Every Microsoft 365 Business Premium plan comes standard with Microsoft Intune and Enterprise Mobility + Security (EMS) features. This feature empowers SMBs to remotely install corporate apps and security policies required for employees who work from home onto their personal devices—without touching the employee’s personal data or files. Intune and EMS also can be configured to install critical app and operating system updates to ensure hackers can’t take advantage of unpatched software on an employee-owned device. Read about how Amaxra uses this feature at our organization and how we’ve set it up for numerous SMB customers in a previous blog post.

2. Set up multi-factor user authentication on all devices

In our cloud-first/mobile-first world, we are all used to typing in a username and password to access our favorite apps. It goes without saying that some form of authentication should be required to log in to company devices and access company networks, too. However, just a username and password are not enough to thwart increasingly sophisticated hackers.

Organizations with any Microsoft 365 Business plan can deploy multi-factor authentication (MFA) for free to add stronger security to access their productivity apps, online collaboration spaces, documents, and files. Typical MFA policies require the employee to log into the cloud-based resource by verifying receipt of either a text message or random number sequence pop-up message on their personal phone using a secure authenticator app. For employees that have smartphones with built-in fingerprint readers and Windows 10 PCs compatible “Windows Hello” facial recognition features, you can add biometrics for an added layer of security to MFA.

The advantage of MFA is that it is personalized for each user and therefore difficult for a hacker outside your organization to fake. For example, without MFA protections, an employee could be phished by a hacker but without the employee’s personal smartphone (and their finger on the reader if you enabled biometrics) to authorize access, it is physically impossible for the hacker to ever get into the employee’s files.

3. Keep outsiders out of your corporate videoconferences.

You don’t have to look hard to find news stories about unwanted attendees interrupting videoconferences. Usually it’s just trolling, but sometimes it’s to steal valuable company information. The videoconferencing app in question is incredibly popular with SMBs because it’s “easy to use.” No password or other security measures mean any outsider can easily “bomb” your company’s videoconference.

However, if your business has Microsoft 365, then you already have a much more secure videoconferencing solution with the free Microsoft Teams app. Available on every device (PC, Mac, iPhone, and Android), Microsoft Teams is a cloud-based app that enables instant messaging, voice calls, and videoconferencing meetings for your entire organization. Microsoft Teams runs on secure Microsoft Cloud infrastructure that was enhanced in early 2020 to handle more millions of WFH users on a global scale.

Most importantly, Microsoft Teams is built into every Microsoft 365 Business plan. That means Teams is seamlessly integrated with all Microsoft 365 apps, so it’s extremely easy to set up meetings using Outlook calendars and email. Unlike the other competing app, Microsoft Teams videoconferences add a layer of cloud-based cyber-security to every online meeting. Amaxra consultants have put together three tips to make every Microsoft Teams videoconference an outstanding success.

Trust Amaxra’s cyber-security expertise for your company’s WFH

Many companies shifted operations to 100% remote working as a result of the COVID-19 pandemic. Again, the seemingly overnight move to WFH was made possible by the cloud but it’s also exposed vulnerabilities in those technologies—especially for SMBs with limited IT resources.

Setting up cyber-security for any business is a highly technical, complex task that requires the involvement of experts. Cyber-security is a full-time job for any IT department. It’s difficult for SMBs to keep up with the latest cyberattack techniques. But recall that while SMBs are the targets of almost 50% of all cyberattacks, SMBs often spend less than $500 annually on cyber-security.

Following the WFH cyber-security tips Amaxra have outlined in this blog post can help reduce your overall risk. And if you’re an entrepreneur or SMB IT leader, Amaxra has several low-cost but high ROI cyber-security options that we are offering during the pandemic.

Contact me at technology@amaxra.com or call 425 708 8841 if you have any questions or comments on this blog.

about the author

Mike Arntzen

Mike is an experienced Technology expert who is skilled in Enterprise Software and Security and Cloud Implementation. He has a strong engineering background graduated from the Royal Australian Air Force School of Radio, with postgraduate studies in Fibre Optics from Royal Melbourne Institute of Technology. Known at Amaxra as "Mr FixIt" there isn't much Mike can't resolve. He has recently implemented Amaxra's switch to Skype for Business within the Amaxra office.

How can we help you?

get in touch