Although small businesses are less inclined to provide their staff with company devices to
work from home, only one third of employees (34%) in this category have received
instructions on how to securely work on personal laptops, tablets and smartphones while at
home during the pandemic lockdown – even though more business data is now drifting
outside the corporate perimeter.This and other findings from the recent Kaspersky study on
working from homehighlight the importance of protection and security awareness for
smallerenterprises.
Working from personal devices has become a necessity for some small organizations during
the coronavirus pandemic. But even withoutCOVID-19 lockdown measures in place, this practice remains relevant for some organizationsas it gives greater freedom to employees
towork anytime, everywhere, while making savings on equipmentto employers. However, in addition to the business benefits, organizationsmust also remember to protect these
devices from cyber risks so that sensitive business and customerdata stored on them remains safe, and employees can work without downtimeas a result of ransomware or
other malware infections.
During the pandemic, three-in-five employees of small organizations (57%) were not
provided with corporate devices from their employers,compared toan average of 45% of staff working in all companies,as shown in the recent Kaspersky study. While it may be the only option for someorganizations to keep their business going, only one third of small
business staff (34%) indicated they were given any IT security requirements to work securely on personal devices.
These requirements could include, for example, having an anti-malware solution installed
by a user or provided by an organization, usingstrong and unique passwords on devices andWiFi routers, andregularly updating device operating systems in order to reduce risks from unpatched vulnerabilities.
Having such instructions in placehas recently become even more necessary, given that 35% of small business employees admitted they have begun to store more valuable
corporate information on their home devices, as well as in personal cloud storage services (25%).
“Small companies may be in difficult circumstancesand their first priority is to save their
business and employees during the lockdown. So it is no surprise that cybersecurity may become an afterthought. However, implementing even basic IT security requirements can decrease the chances of malware infection, compromised payments or lost business data.
Moreover, there are plenty of recommendations already given by cybersecurity experts that businesses can share with their employees to help them keep their devices safe. And of course, the requirements should be followed not only during home isolation but continued
when staff workremotely in the future,” comments Andrey Dankevich, Senior Product Marketing Manager, B2B Product Marketing at Kaspersky.
Kaspersky advises small companies to follow these IT security requirementsto protect their
employeeswhile working from personal devices:
• Home devices should be protected with an antivirus solution. Kaspersky offers small businesses a dedicated solution, Kaspersky Small Office Security, which can be installed
remotely on any device, whether corporate or employee-owned and managed from the cloud.
• Deviceoperating systems, as well as applications and services should be always updated
to the latest versions.
• Password protection should be switched on for all devices, including mobiles and WiFi routers. If a router has a default password it should be changed to a new and strong one.
The password manager feature in a security solution helps to generate and store unique and strong passwords for every account.
• Home WiFi connections should be encrypted, ideally with the WPA2 encryption standard.
This can be done in router settings.
• A VPN should be used if an employee is using unknown WiFi hotspots.
• Use a security solution that enables device and server encryption and creates backups for
all corporate data – this will help to restore data quickly in case of a ransomware infection.
• Provide employees with a list of reliable cloud services that they can use to store or transfer corporate data.
• Conduct basic security awareness training for your employees. This can be done online and should cover essential practices, such as account and password management, email security, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home.
• Last but not least – ensure your employees know who to contact if they face an IT or security issue.