man looking out window with coding text in background
From training your staff to equipping your devices with security features like two-factor authentication, experts offer their best tips to small businesses looking to stay safe. — Getty Images/ConceptCafe

From logging onto conference calls in your slippers to skipping a long and stressful commute, remote working offers many attractive benefits. Perhaps most importantly, telecommuting also gives you and your employees a way to stay safe during the COVID-19 pandemic. However, while you might be protecting yourself and your employees from one dangerous threat by staying home, you could be exposing your business to another potential disaster—cyberattacks that could compromise your data and the health of your company.

If you’re like many small businesses, you had to quickly transition your team to remote working at the start of the pandemic. In the scramble, you might not have taken all the proper precautions to keep your information secure.

Data shows that cyber criminals are taking advantage of the increased number of employees working remotely. In April, Google reported seeing 18 million email scams per day related to COVID-19, such as those impersonating authoritative government organizations like the World Health Organization to solicit fraudulent donations and those impersonating government institutions to get employees to download files related to the government stimulus packages.

“Because the majority of nonessential workers are now working remotely, cybercriminals understand that each employee that connects to the corporate network is a potential point of failure,” said Baker Nanduru, McAfee’s consumer business group endpoint segment leader. “This is especially important for small businesses: Since most employees have to wear multiple hats, the likelihood any employee would have direct access to customer data is far higher.”

If you want to avoid falling victim to a cyberattack, it’s not too late to act. Here’s what you need to know to keep your business secure while your team works from home.

Educate your staff

It’s important to empower your employees with the tools and knowledge they’ll need to stay safe while telecommuting. “Teach them about the dangers of phishing emails, unsecure sites and weak passwords,” said Staci Young, senior advisor, partner marketing management for Dell. “Also remind employees to change passwords frequently, typically every 90 days.”

Considering that 43% of the victims of data breaches are small businesses and the average cost of cybersecurity incidents in a year for small businesses is nearly $35,000, you should teach your employees how to recognize the signs of a cyberattack. Employees should also be taught to immediately report the incident to their manager (and IT team, if one is available) and to update all credentials and passwords that a hacker may have gained access to.

Defend with a firewall

Your business likely handles sensitive data such as customer information, financial records and credit card numbers, so you’ll want to keep your network as secure as possible. A firewall is a security device that acts like a barrier to protect your network. It inspects data that flows from the web to your computer and blocks unwanted traffic and malicious software. A firewall like SonicWall provides high-performance intrusion prevention, malware blocking, content/URL filtering and application control.

Install antivirus software

Antivirus software can also safeguard your network by detecting and eliminating viruses and other cyber threats before they cause harm to your system. Antivirus software is essential for every device that your remote workforce uses, including PCs and mobile devices. In addition to providing antivirus protection, look for software that also offers safe web browsing protection to warn you about risky websites and help prevent dangerous downloads and phishing attacks.

“With the pace at which small businesses must operate, sometimes best practices for searching and browsing the web fall to the wayside in favor of trying to find answers as quickly as possible,” said Nanduru. “Discovering a too-good-to-be-true supplier on the web could end up being a cybercriminal in disguise.”

If you need help selecting software that’s right for your business, consider contacting a Dell Technologies Advisor. “They’ll ask questions and try to make the recommendation that fits the best and is the most comprehensive for your small business,” said Young.

McAfee Small Business Security is a popular software choice that protects your business from the latest online threats, including malware, ransomware, phishing and viruses. Dell includes 12 months of McAfee Small Business Security on all of its Vostro units, and the software can easily be added to Dell’s Latitude, Precision and OptiPlex computers.

Because the majority of nonessential workers are now working remotely, cybercriminals understand that each employee that connects to the corporate network is a potential point of failure.

Baker Nanduru, consumer business group endpoint segment leader, McAfee

Create strong passwords

Encourage your employees to use unique, complex passwords for all of their logins. “If your corporate login is a cybercriminal’s keys to your kingdom, an easy-to-guess password practically gives away the keys,” said Nanduru. Some password tips include using 12 or more characters, using a mix of lowercase and uppercase letters and incorporating numbers and symbols.

Of course, while creating passwords might seem easy enough, remembering them can sometimes be a challenge. Consider using a password manager such as True Key by McAfee to help you and your team keep things straight. “Beyond simply storing passwords, True Key can help generate strong passwords, store those passwords and securely sync them across computers and mobile devices, providing both convenience and security,” said Nanduru.

Use two-factor authentication

You can think of two-factor authentication as an extra layer of security when logging into an account. Instead of presenting just one factor, such as a password, a user must present a second factor to get in, such as a security token or a biometric factor (for instance, a fingerprint or retina scan). “This layer of protection is imperative to keeping your company assets safer from potential hackers,” said Nanduru.

McAfee’s True Key password management app always verifies you by at least two factors before being signed in.

Back up data

Are you only keeping one copy of critical documents on your laptop? If so, you’re making a big mistake. “In addition to threats like ransomware, which could render your documents inaccessible until the ransom is paid, there are other worst-case scenarios to consider, like hardware failure and theft,” said Nanduru.

Be sure to back up your data on a reputable cloud storage system that can fit your budget. This way, you can access your data anytime, anywhere on any device. One option is Microsoft 365’s OneDrive for Business, which gives each user 1 terabyte of personal cloud storage

“What’s important to keep in mind is carrying over the same best practices in terms of protecting your logins and credentials, because after all, once your data is with a cloud storage provider it becomes another asset you need to protect,” said Nanduru.

Set up a VPN

A VPN, or virtual private network, helps keep your business’s data secure while allowing individual employees to access company email, files and other systems. The process works by connecting you to a group of servers through your internet provider. “A VPN creates an encrypted tunnel to secure traffic that flows through it, and to keep hackers out,” said Nanduru. “A corporate-managed VPN is generally used to tunnel specifically between your home and your corporate network, which then allows employees to access certain resources as if they were in the office.”

When employees browse the web from a remote or public location, all of the data they send and receive will be encrypted (or scrambled) and therefore safe from anyone trying to access it. McAfee offers VPN solutions such as McAfee Safe Connect VPN, McAfee Total Protection and McAfee LiveSafe.

Don’t put it off

With all the stress you’ve likely been under these past few months, you might not want to add another item to your ever-growing to-do list. However, cybersecurity is not something you ever want to put off. “People tend to freak out the moment a cyberattack happens instead of preparing for it in advance,” said Matt Papendorf, senior advisor of product marketing for Dell. “Think of cybersecurity as a sort of insurance policy to protect your business.”