home office setup
From choosing the right hardware to setting access privileges, Anderson Technologies director Farica Chang explains what businesses should do to prevent cybersecurity breaches. — Getty Images/PeopleImages

This article was contributed to CO— by Farica Chang, director of Anderson Technologies, an IT company that optimizes technology to meet the demands of small and midsize businesses.

As COVID-19 continues to spread, businesses are rushing to find ways for their employees to work from home. However, haphazard preparations can turn a remote workspace into an open door for cyber criminals to enter otherwise secured networks. Instead of hurrying this process, step back and take a moment to review the best practices for creating a secure and productive remote workforce.

Choosing hardware: Personal vs. company computers

One of the biggest questions a business needs to first address is how the newly remote workers will access the company’s systems: Will it be through their personal computers, or through company-provided hardware?

It may seem easy to send employees home to work on their own computers, but business owners need to be aware of the risk that entails.

Company-owned computers

Best practice for a remote workforce is to provide company-owned and maintained hardware for employees to work. This ensures any computer accessing the network remotely has all critical software and operating system (OS) patches installed, enterprise-grade anti-virus/anti-malware, and a properly configured firewall. Initial purchase and setup can be expensive depending on the size of the workforce, but this is by far the safest option.

[Read more: 7 Tools That Will Help You Work From Home]

Personal computers

Personal computers may be the only option for a business that cannot afford to purchase new hardware for all their employees, but it comes with risks. Personal computers rarely have the same level of cybersecurity protections that a business maintains. It can also be difficult to verify that all computers accessing the network have up-to-date software and security patches. It doesn’t matter if the method of access is secure if the computer is already compromised, and some studies estimate that one-third to one-half of home computers have some level of infection unbeknownst to their users.From

Personal computers may be the only option for a business that cannot afford to purchase new hardware for all their employees, but it comes with risks.

Farica Chang, director, Anderson Technologies

Watch Now: CO— Blueprint, 9/23

Check out the video from our CO— Blueprint event that took place Wednesday, September 23, 2020, where the panel discussed everything you need to know about recruiting and managing cohesive teams remotely.



Choosing a method of access

For businesses, especially ones needing to set up remote workers quickly, there are two best practice methods of connecting remote workers to the business: VPN gateways and remote access.

VPN Gateway

This is the most secure method of remote work when configured properly with a company-owned machine. It is not recommended for personal devices. VPN (virtual private network) gateways extend a business’s enterprise-level cybersecurity protocols through a secure encrypted tunnel between the business’s internal network and the remote computer. While this is a relatively safe option, infected data can reach the internal network if the connecting computer is compromised while on a home network.

Remote computer access service

Through the use of a third-party software service, remote users can connect directly to an existing office computer. The software allows them to control the actions on their office computer within a window on their home machine. This offering is a viable alternative to a VPN when employees must work from personal devices since it keeps all data and applications contained at the office. While convenient, proper configuration of the remote hardware is critical to a secure connection. All data sent from the office computer to the remote computer is encrypted, but that encryption also hides the data from the business’s own firewalls and threat detection software. If the employees’ computers are not secure, infected data can enter the internal network without any red flags.

[Read more: 5 Resources to Help Your Small Business Survive the Coronavirus]

 farica chang headshot
Farica Chang, director, Anderson Technologies. — Anderson Technologies

Best practices for creating a remote workforce

Despite the risks, businesses can reduce the danger to a reasonable and appropriate level by employing the following cybersecurity best practices at all times:

  • Use company-owned hardware, whenever possible, that is properly configured and maintained.
  • Always use encryption and session locking for remote work.
  • Have strong password policies in place.
  • Manually configure remote workers’ computer firewalls and anti-virus/anti-malware software.
  • Ensure all hardware and software is patched, even if employees use their personal computers.
  • Do not allow non-work-related browser extensions on remote computers, as these can have tracking or malicious code embedded in them.
  • Use multi-factor authentication. The importance of this cannot be overstated. Multi-level authentication is the best defense against compromised accounts or passwords.
  • Set access privileges for all users. No employee should have access to parts of a network they don’t need for their job. This keeps any potential network penetration from spreading to the entire network.
  • Never allow admin access on a user account.
  • Consider having employees confirm they have proper security measures in place on personal devices prior to providing them with remote access.

[Read more: 4 Ways Your Business Can Support Remote Workers]

Most important of all, train employees on cybersecurity basics, how to spot phishing and signs of malicious activity on their computers. Make sure they know who to contact if they suspect a problem. They are the first line of defense in keeping their computers from being compromised, so providing them the tools to stand guard keeps everyone safer.

For more resources from the U.S. Chamber of Commerce:

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Follow us on Instagram for more expert tips & business owners stories.

Published March 17, 2020