18 Things You Need to Do Immediately to Protect and Optimize Your Remote Business


It’s been a long year. And it’s barely halfway over.

Now that we’ve had some time to adjust to our new pandemic reality, it’s time for businesses large and small to begin planning for whatever comes next. This is especially important for remote businesses, which generally have fewer financial and human resources to weather sudden economic shocks, natural disasters, and whatever else fate brings.

Fortunately, you’re not the first remote business leader to find themselves in this position. Right now, thousands of your peers are working through the same agonizing choices as you are, making difficult and in some cases gut-wrenching decisions that impact their employees’ and customers’ lives.

It’s not a fun process. But it’s vital to the long-term survival of the enterprise.

With that in mind, let’s take a closer look at some of the things you should do right away to protect and optimize your remote business in a period of unprecedented disruption. There’s a good chance you’re already pursuing some of these projects. Others are surely on your radar. But it’s vital that you get to them all in short order, lest you leave your business vulnerable to a compromise that never had to happen. Start at the top and work your way down.

  1. Invest in Comprehensive Cyber Protection

Before you do anything else, invest in a comprehensive cyber protection solution that includes five essential vectors:

  • Safety: Creating reliable data backups at regular, frequent intervals is the surest way to keep your company safe from data loss and corruption. That, in turn, helps you maintain your competitive advantage. 
  • Accessibility: Your data needs to be accessible from anywhere, at any time. Don’t settle for a cyber protection solution that promises anything less.
  • Privacy: Identity theft and corporate espionage are massive (and growing) threats to all businesses, including smaller, remote ones. By managing permissions and using enterprise-grade encryption, you give your organization a fighting chance against those who wish it.
  • Authenticity: Preventing unauthorized changes or tampering is essential to effective version control. Use a blockchain-enabled solution to ensure authenticity at all times.
  • Security: Your digital security posture must include an integrated defense capable of stopping known and emerging threats as they arise.

  2. Draw Up a Business Continuity Plan to Prepare for Natural and Manmade Disasters (Or Another Wave of the Pandemic)

Many smaller businesses lack an effective business continuity plan. While it sounds like a daunting task to draw one up, templates are readily available for free online and the core elements of your plan may well be items you’ve already considered or planned for. For many remote businesses, it’s more about putting these elements together in a coherent package.

  3. Upgrade Your Internet, Even If You Work From a Home Office

An enterprise-grade remote business requires enterprise-grade Internet. Yes, even (especially!) when its entire workforce works from home. 

Invest in an overhaul of your home Internet; paying more for business speeds is absolutely a sound investment. Subsidize your employees’ business Internet expenses too, because you don’t want to see their laggy Zoom windows any more than they do.

  4. Make a List of Distractions and Get Rid of Them All

This is more of a “personal development” to-do, but it does provide a measure of protection in a broader sense if you think of distractions as threats to your productivity and profit potential. 

Most of these distractions are surprisingly easy to dispense with. To take just one common example: A screen time limiting app on your smartphone will literally prevent you from wasting time on social media, a huge time sink for many remote employees.

  5. Find and Deploy a Top-of-the-Line Anti-Malware Suite

One of the five pillars of cyber protection is security. Is it the most important? That probably depends on whether your organization has been hit by a cyber attack in the past. If you’ve been fortunate to this point, know that your luck could run out at any point — but that an anti-malware suite capable of detecting emerging threats greatly increases the likelihood that you’ll parry future attempts to break your defenses.

  6. Use a Virtual Private Network That Doesn’t Create More Problems Than It Solves

This is another easy and low-cost aspect of a comprehensive security posture. A reputable virtual private network creates an encrypted bubble around protected devices, preventing unseen attackers from reading or collecting information sent from your remote company’s ecosystem. However, widespread adoption and use are essential, as VPNs only work when they’re installed on every device and actually turned on.

  7. Use Encrypted Email for Sensitive Communications

Another obvious use of encryption is email. Even with a VPN, you can’t be sure your email suite isn’t compromised. Using a highly rated encrypted email service like ProtonMail for sensitive internal communications greatly reduces the risk of external compromise and helps you narrow down likely vectors in the event of a breach.

  8. Regularly Back Up All Your Mission-Critical Data

“Always be backing up.” This might as well be your new corporate motto. Use a secure cloud backup tool with plenty of storage space and you won’t have to worry about making compromises. 

  9. Change Your Passwords No Less Frequently Than Every Month (And Require Your Employees to Do the Same)

Password hygiene is a major weak spot for a lot of remote companies. You can do your part by managing employee permissions to ensure that team members can’t access sensitive accounts that they don’t need to perform their jobs, but that’s just the start. Make sure all your company accounts require frequent password changes and have high standards for password strength. Mandate unique passwords as well, so that an attacker who learns of a single password can’t access every account.

  10. Require Two-Factor Authentication on All Company-Provided and BYOD Devices

You’re probably aware of the concept of two-factor authentication at this point. If not, take a moment to read this overview from CNET.

Got it? It’s pretty obvious why you’d want to require your employees to use two-factor authentication. Clever hackers can easily breach your email suite and access passwords stored in your browser, leaving you vulnerable to catastrophic compromise. 2FA prevents them from taking the next, crucial step — that is, actually accessing sensitive accounts.

Unless they’ve stolen your phone or created a usable facsimile of your fingerprint, of course. But in that case, you have much bigger problems.

  11. Require Biometric Authentication As a Backup on All Company-Provided and BYOD Devices

On the subject of fingerprints, there’s another security feature that your remote business absolutely needs to adopt sooner rather than later. It’s biometric authentication, the most common iteration of which can probably be found on your smartphone.

That’s right — the fingerprint scanner you use to unlock your phone or log into extra-secure accounts is quickly becoming the gold standard for digital business security. Reinforce your 2FA gatekeeping with biometric authentication across your entire business device cloud and encourage (or mandate) your employees to do the same.

  12. Hold Independent Contractors to the Same Security Standards As Your Employees

Many of the worst data breaches in history began with contractors insufficiently concerned with their clients’ security protocols. The Target data breach, for example, began with a lowly plumbing vendor serving a few stores in one of the retailer’s many U.S. regions. 

Your business almost certainly lacks the scale or internal resources of a Target (or Home Depot, or Capital One, or any of the other household-name enterprises victimized by data thieves in recent years). But it probably relies on contract labor or third-party vendors to some extent. Each of those external service providers represents a potential vulnerability to be exploited by clever hackers.

Legally speaking, you don’t have the same degree of control over your independent contractor network as your employees. But you do sign their paychecks, so to speak. You can compel them to protect your company by requiring them to adopt the same rigorous security standards as you require of your employees. 

  13. Hire Contractors Through Reputable Staffing Agencies and Platforms Whenever Possible

It’s not just that your contractor network is a security liability. It’s that you lack the resources (or, frankly, the desire) to vet every single contractor or third-party vendor with the same rigor as your employees, who are far fewer in number and far better known to you and your executive team.

Fortunately, the task of vetting prospective contractors does not fall on you and your executive team alone. Hire contractors through reputable staffing agencies, or even freelance work platforms that require contractors to provide identity verification and professional references, and you’re far less likely to invite a bad apple into your organization.

  14. Make Use of Nondisclosure Agreements and Noncompete Agreements Where Permitted by Law

While generally permitted by law, nondisclosure agreements rest on much surer footing when they’re drafted by employment law practitioners than when they’re downloaded from LegalZoom or its ilk. Nothing against those websites — just, you shouldn’t entrust your company’s future to their one-size-fits-all drafts.

Noncompete agreements are a tougher case. In some states, they’re basically not enforceable, even if they often succeed in chilling employees’ and contractors’ efforts to profit from their tenure with your organization.

Still — it’s better to hold employees and contractors accountable than to let them run wild. Make sure there’s a paper trail.

  15. Never Connect Unknown or Unscanned External Devices to Company Hardware

Back to the technology front. This is an easy-peasy step you and your team can take to protect your company’s devices (and BYODs) and networks. It’s as simple as forbidding anyone, ever, from connecting random, unscanned external devices to company hardware or BYODs. Whatever’s on them isn’t important enough to jeopardize everything you’ve worked for.

  16. Never Access Company Accounts on Unsecured WiFi Networks

Unsecured WiFi networks pose a similar level of risk to unknown devices, especially in unfamiliar locations of the sort you frequent on business travel. Again, protecting your business from hackers lurking on unsecured WiFi networks is as easy as forbidding your team from connecting to said networks — no ifs, ands, or buts. It’s. Just. Not. Worth. The. Risk.

  17. Formalize an IT Incident Reporting Policy and Hold All Employees and Contractors to It

Spend enough time scrolling through your inbox folders, let alone trawling the darker corners of the Internet, and you’ll encounter some truly sketchy situations. Multiply the frequency with which you roll your eyes at ill-crafted spam emails or delete phishing messages on Facebook by the number of employees and contractors working for your organization and you have a sense of the scale of the problem. 

You can’t prevent these threats from arriving at your doorstep, of course, but you can report them to the proper authorities. Those would be your in-house IT team or external managed service provider’s security staff, depending on your setup. Either way, it’s on you to draw up internal procedures governing such reporting, including when and how reports are generated and submitted.

  18. Avoid Unencrypted P2P File-sharing Applications on Home Networks That You Also Use for Business

Admittedly, this could be a tough ask for your entire team, but you can certainly hold yourself to it. If you do utilize P2P file-sharing applications, at least go through the trouble of upgrading to an encrypted platform. The other data security protocols you’ve implemented, notably company-wide anti-malware and VPN usage, should mitigate the risk outside your own IT bubble. 

Your Remote Business Is Too Important to Leave to Chance

You have every right to look at the above and think, “Wow — that’s an overwhelming list.” Perhaps you’re correct about that. It’s not like these are the only items on your agenda right now. You have a business to run, after all. 

Of course, in your heart of hearts — and your balance sheet — you know that it’s vital to protect your remote business. Even more so in these trying times. You don’t want to look back on the present moment in five or ten years and wish you’d done more to keep your business afloat.

And you won’t. At least, not if you remain focused on what matters most: ensuring that your business has every chance to thrive in an utterly changed world. Completing these agenda items, overwhelming as they seem, will put you in an excellent position to do just that.

But let’s not get ahead of ourselves. There’s work to be done. Here’s to a brighter, more secure future for remote businesses large and small.