Cybersecurity guidelines for your employee computers and portable devices
You might have taken many precautions to protect your business from online threats. But have you specifically thought about the unique online threats that come with giving your employee an office laptop? Read this article to know how to mitigate online threats when providing your employee with an office computer.
The internet has opened up too many avenues for running new businesses that were earlier not even imaginable. Even the traditional mortar and brick businesses are heavily digitized now. Be it running their business activity on cloud or just making use of an employee collaboration suite for email and video chat, the world has changed a lot and with that, it has also brought about new security threats and dangers.
A lot of companies take different approaches to protect their digital infrastructure and keep the data of their business, employees, and customers safe. In this article, we will be focussing on points which a business needs to take to safeguard the devices of their employees. These devices due to their access privileges are probably the weakest links in the security architecture of a company.#1 Employee training on cybersecurity
Probably the most common path cybercriminals use to get into a companies network is through the company email. Employees are sent emails with malicious attachments, links to phishing websites or links to websites which download dangerous code on the computer. While many such emails are blocked by the corporate email firewall, emails with new patterns of attacks are not identified immediately and will each your employee's inbox.
If it has reached the inbox, the first level of defence against such emails is an informed and trained employee. Training during orientations and periodic training on cybersecurity will help an employee to identify harmful emails and take appropriate action.#2 Blocking access to malicious and unnecessary websites
If you are working with sensitive data of your client then you would understand the need for blocking access to any website that allows file upload. This includes cloud storage websites like Google Drive, OneDrive, Box and Dropbox, and email providers like Gmail, Yahoo, and AOL. Applications like Cisdem AppCrypt let you block access to websites which you deem harmful to your business. This can include the websites we discussed above as well as other websites that you might deem distracting like YouTube, Facebook, Instagram, Twitter, Change.org, etc.#3 Block applications both native and installable
Some applications come by default installed on your computer and there are some which can be installed. This includes email clients, cloud storage apps, music, and video apps. You can password-protect apps on Mac and Windows with a password so that your employees are not able to open any unauthorized apps on their office laptops or computers.#4 Online Security applications on office computers
There are many enterprise solutions currently available in the market which act not only as antivirus and antimalware but also can take the role of a firewall, activity tracker, and security compliance checker. Set these applications to run and check for updates periodically (ideally once every 24 hours).#5 Provide a VPN for remote work
Courtesy COVID-19, many companies that were earlier not offering work from home are now giving this facility to their employees. However, the home networks of your employees will rarely be secure. So, it is a must that you install a VPN on their laptops which they must use to connect to any official cloud application when working from a non-office network. Such a VPN will encrypt the data that flows through the employee laptop and will improve the safety of your official data.#6 Provide encryption on your office laptops
Any office computer that goes outside your business premise, must have encryption enabled by default. Laptops which are regularly in the backpack of your employee are an easy target for theft. So make sure that any data on the laptop is encrypted with the best possible standard. Also, set a rule for each user account password so that it meets a minimum password strength requirement.#7 Backup files or promote a cloud storage for important files
Many companies are now not giving their employees an Office Suite. What they have rather is a cloud alternative for Word, Excel and PowerPoint. This makes sure that all the important data related to the company is available only to the company employees as well as is secured in case of failure in the computer hard drive. However, this is not always possible and some of the staff needs some files offline, for instance, an employee going for an official presentation to a client wouldn't want to risk having his/her file on the cloud and not being able to access it when in a meeting with a client. So, while it is important to have the flexibility, but make sure that the folder in which the employee keeps the file offline is automatically synced to online cloud storage of your company.#8 Adopt best practices for payment systems
Your finance team and team members who have a company credit card must be trained in proper usage policy. Separate computers must be used for doing business-related financial transactions and for other online surfing. You can even collaborate with your bank to develop some extra validations for transactions on your company account. Work with your bank to make sure that you are using the most secure and updated tools to make transactions on your company's bank accounts.#9 Limited access to personal devices
Employee personal accounts should have access to only a few office applications. This can be limited to office email, messaging applications, and cloud storage. Carefully evaluate as per your business requirements what all office data should be available on your employee personal device. Nowadays, there are Compliance applications provided by many Enterprise Cloud Suite companies like Microsoft and Google which ensure that the employee smartphones store data in an encrypted format and have passwords or PIN as per your company's guidelines. Make use of the applications if possible.Wrap up
The suggestions provided above are just that - suggestions. Each company is uniquely placed and may have many other security requirements in which an expert can help you better. It might even include replacing the above suggestions with something better. However, the only important point is to not neglect the security aspect when providing your employee with a computer or laptop. Frauds not only bring financial loss but also leads to a loss of reputation. Money can be earned but the trust lost with your client can permanently damage your business. Take the tips that are mentioned above and work on improving the cybersecurity of your business.
