As businesses continue to go partially or fully remote, additional IT security risks are emerging. With employees working from home more regularly, it’s important to understand the factors that could pose a threat to your business.
In this article, we are detailing a few IT security levels that most companies fall within when working in a distributed fashion. These levels can help you determine where your security stands right now and how you can improve it.
Level 1 - Serious Security Vulnerabilities
Level 1 is most likely a very small business that has little technology in place. This applies to businesses that pretty much only have internet, Wifi, and phones at the office. Usually, this type of company has 1-10 employees working in the office, and technology has been pieced together as it was needed over the years. It's more common for these businesses to take an 'if it isn't broke, don't fix it' approach to IT.
Devices at Level 1 Devices used at security level one usually belong to individual employees. Often, employees use personal laptops or smartphones without a security policy in place, so business owners do not know if the devices have anti-virus installed or if the systems are updated regularly with security patches.
Email at Level 1 At security level 1, businesses may be using a free email service to communicate with their employees. Free email does not provide advanced monitoring for spam and phishing attacks, so every time an employee sends an email, they exponentially increase the possibility of a security breach.
File-Sharing at Level 1 Employees at security level 1 are sharing documents through email, and this is the prime method for criminals to spread malware and ransomware.
Online Meetings at Level 1 Most businesses use online meetings now. At this security level, if you use online meetings, you may be using a free service like Zoom (and there is nothing wrong with Zoom). Still, bad actors (cybercriminals) know about the increase in Zoom usage and are targeting those users.
IT Support at Level 1 These small level 1 companies usually have self-managed IT, which means they don’t have a professional IT service to monitor their technology and keep an eye on security risks.
If you fall into the Level 1 category know this
For a quick win, you can increase your password strength policy and implement password management software.
Devices – Ensure each device is updated weekly and has at least an anti-virus on it.
Email – Consider upgrading to a paid service with better email security.
Document Sharing – Upgrade to a cloud drive and ensure the documents have daily back-ups running.
Online Meetings – With a more robust password policy in place, this will reduce your risks of malicious activities with online meetings. You may even consider paying for a meeting service. Zoom and Ring Central both have paid offerings.
IT Support – Get some! Talk to a professional, even if you simply ask questions to get some direction.
Level 2 - Some Security Vulnerabilities
Level 2 companies may have experienced a technology event where some data was lost, and out of necessity, they decided to put some IT security in place. Another type of level two business may have someone on staff (or a business owner) who has the forethought to recognize the need to increase security. Either way, these businesses are making some moves and paying attention to the IT world around them. This business is most likely paying for at least one business-level service, such as Microsoft Office 365, Gmail, or a backup solution.
Devices at Level 2: The devices at this level may be personal or company-issued. These companies have a security policy in place to ensure updates to passwords happen at regular intervals, updates occur on schedule, and anti-virus is in place.
Email at Level 2: Companies at security level 2 are probably paying for a dedicated email service, but they may have no idea what the security protocols for their email server are. Examples of paid services include Gmail for Business or Office 365.
Document Sharing at Level 2: These businesses have a cloud drive set up for employees to share documents, but they may be unsure of where or how these documents are backed up.
Online Meetings at Level 2: This business is probably paying for an online meeting platform with some form of security, which is optimal.
IT Support at Level 2: Businesses at security level 2 have probably hired an IT company to do break-fix work.
How companies at level 2 can improve IT security
Overall, businesses at level 2 are on the right track, but there is still room for improvement, so keep your guard up!
Devices – Check your policy and update it for the remote environment. Consider adding a password manager software if you don't have one yet.
Email – Find out what your security policies are, make sure you understand them, and communicate them to your employees.
Document Sharing – If you have a cloud drive, that’s great, but without proper backups, you are putting your business at risk of losing data.
Online Meetings – Ensure that all your employees update their passwords for the service you use. Make sure this is part of your security policy.
IT Support – Consider moving to a managed IT services provider for scalable and more reliable service and security.
Level 3 - Be vigilant and stay consistent
Level three companies have this security thing figured out, but there is always room for improvement, so they should never let their guard down. These businesses likely have a dedicated employee for IT administration, or they have hired an IT firm to manage their IT needs. It is still good to have a backup plan for IT in case your current provider's services decrease in quality, or they do not hold to security best practices.
Devices at Level 3: These companies issue and manage all employee work devices and they may have a strict personal device use policy in place, which is optimal. These policies allow employees to use their devices safely based on each businesses’ security needs.
Email at Level 3: At this level, a business is using professional email products through Microsoft Office Exchange, and they might even have an Advanced Threat Protection service activated.
Document Sharing at Level 3: At this level, companies are using SharePoint or OneDrive, and files are backed up on a regular schedule.
Online Meetings at Level 3: Luckily, this is built into that previously mentioned Office 365 service with Teams. So, there’s no extra subscription or cost associated with online meetings.
IT Support at Level 3: At this level, chances are a business has an IT employee or a professional and proactive managed IT services provider.
How companies at level 3 can improve IT security
Overall, you're rocking IT security while your employees work remotely, but this doesn’t mean you should let your guard down. It’s important to have regular talks with your IT department or service provider.
Devices – Adding a password manager will reduce your stress and increase security exponentially. At Bit-Wizards, we use LastPass. Additionally, make sure devices are updated regularly.
Email – If you're not using an Advanced Threat Protection service, you should. Learn more.
Document Sharing – Make sure your back up services are up and running! Also, make sure you know where the data is stored and how to restore it if you ever need it.
Online Meetings – We suggest you update passwords for your Online Meeting service regularly.
IT Support – Have regular discussions with your IT support service. If you have an internal IT resource, depending on their workload, you may want to seek out a managed IT services company to augment and ensure best practices for your business.
No matter your level, we are here to help!
Bit-Wizards is here to provide any guidance you may need. Contact us today.
We always suggest that companies seek professional guidance when IT security is involved. No matter what level your remote workers are at right now,