Sejal Lakhani-Bhatt, an Entrepreneurs' Organization (EO) member in New Jersey, is CEO of Techwerxe, which provides managed IT support to businesses to help them navigate the evolving IT landscape. We asked Sejal what's on her work-from-home IT security checklist. Here's what she shared:
When your workforce went remote last March, did you anticipate you'd still be working from home one year later? If you did, then I'd like to consult with you on winning lottery numbers. Most of us assumed we'd be back at our desks within a few months.
The expectation that "normal" was in sight, coupled with an onslaught of challenges the pandemic created for businesses, may have caused your organization to put some Band-Aids on IT security gaps. As we move into year two of the pandemic and the work-from-home model is here to stay (at least in hybrid form), businesses need to take a proactive rather than reactive approach to IT security.
But what does it mean tobe proactive when it comes to your IT? Let's think about it like fire prevention. If you proactively install smoke alarms, remove fire hazards, and don't leave candles unattended, you're more likely to prevent a home fire. If you don't take these precautions, then you may require the reactive assistance of firefighters. IT security is very similar.
Reactive IT support is more of the break/fix model. If you're accustomed to consistently calling a help desk because something went wrong on your computer, then your business probably has reactive IT support. This approach can be costly for companies of all shapes and sizes. According to a report from IBM and the Ponemon Institute, the average cost of a data breach in 2020 was $3.86 million. Yikes! Can you imagine the impact that even a percentage of that expense would have on your small or mid-size business? The reactive approach to IT can also lead to significant downtime.
Proactive IT security works to identify and prevent potential security gaps before they become problems. Processes and infrastructures are put in place to ensure your organization keeps its data security to avoid an IT emergency. In a work-from-home solution, this includes building a private workspace to connect your employees to the data they need securely. This is critical for most companies, but particularly those that must adhere to regulatory compliance requirements such as HIPPA, NYCRR, and PCI.
A proactive approach to IT also allows businesses to create a steady budget. Fluctuating operating expenses affect cash flow and profits--especially during a pandemic. By creating a proactive IT plan with your managed service provider, you can establish a monthly expense that stays the same even in the event of an emergency.
How can your company start implementing a proactive IT model for work-from-home employees? Here's a checklist to follow:
Do you have a defined list of company policies for your employees working from home? What are your requirements when it comes to the internet, remote work, and bringing your own device? And, do those policies include requiring computers to automatically lock after 10-15 minutes of inactivity?
Are all employees' workstations up-to-date with the latest operating system and antivirus software?
Do your employees have a secure connection to work applications from their home?
Do you have disk and/or file encryption in place to protect sensitive company data on workstations?
Have all users selected strong passwords for all of their accounts? The key elements of a strong password are length; a mix of letters, numbers, and symbols; no ties to your personal information; and no dictionary words. Do employees store these passwords in a secure location?
Mobile Device Management
Are you using mobile device management on non-company-issued devices such as tablets, smartphones and laptops?
Have your employees completed security awareness training? Have you provided your staff with phishing simulation training?
If you answered no to even a couple of these questions, then it's time to re-evaluate your IT security and work-from-home policies. Most small and medium-sized businesses can't afford to have a dedicated in-house IT team to help employees work securely from home. Establishing a relationship with a managed IT service provider can ensure your company is protected while reducing costs and increasing profits.
By taking proactive steps to ensure you have the right protection now, your organization will be securely positioned for the different types of remote setups 2021 may bring.