There are many different ways to work from home. As we are seeing businesses thrust into allowing their employees to work from home regularly, we see some risks for IT security emerging. To help with that, we have detailed a few IT security levels that most companies fall within when working in a distributed fashion. These levels can help you determine where your level of security is right now and how you can improve it.
Level 1 - Serious Security Vulnerabilities
Level 1 is most likely a very small business that has very little technology in place. You probably only have internet, WIFI, and phones at your office. Usually, this type of business is 1-10 employees working in the office, and you have pieced together technology as you needed it over the years. It's more common for these businesses to take an 'if it isn't broke, don't fix it' approach to IT.
Devices at Level 1 The devices used in level one usually belong to the individual employee. Employees use personal laptops or smartphones with no security policy in place. So business owners do not know if the employee's device has anti-virus installed or if the system is updated regularly with security patches.
Email at Level 1 Here, businesses may be using a free email service to communicate with their employees, and we all know nothing is free! Every time employees send emails, they exponentially increase the possibility of a security breach because free email does not provide advanced monitoring for spam and phishing attacks.
File-Sharing at Level 1 Unfortunately, employees here are sharing documents through email, and this is the prime method for criminals to spread malware and ransomware.
Online Meetings at Level 1 We all have to use online meetings now, and at this level, if you use online meetings, you may be using a free service like Zoom (and there is nothing wrong with Zoom). Still, bad actors (cybercriminals) know about the increase in Zoom usage and are already targeting those users.
IT Support at Level 1 These small Level 1 companies usually have self-managed IT, which means they have no professional IT service to monitor and keep an eye on risks.
If you fall into the Level 1 category know this
For a quick win, you can increase your password strength policy and implement password management software.
Devices – Ensure each device is updated weekly and has at least an anti-virus on it.
Email – Consider upgrading to a paid service with better email security.
Document Sharing – Upgrade to a cloud drive and ensure the documents have daily back-ups running.
Online Meetings – With a more robust password policy in place, this will reduce your risks of malicious activities with online meetings. You may even consider paying for a meeting service. Zoom and Ring Central both have paid offerings.
IT Support – Get some! Talk to a professional, even if you simply ask questions to get some direction.
Level 2 - Some Security Vulnerabilities, Be on Guard
Level 2 companies may have experienced a technology event where some data was lost, and out of necessity, they decided to put some IT security in place. Another type of level two business may have someone on staff (or a business owner) who has the forethought to recognize the need to increase security. Either way, these businesses are making some moves and paying attention to the IT world around them. This business is most likely paying for at least one business-level service, such as Microsoft Office 365, Gmail, or a backup solution.
Devices at Level 2 The devices at this level may be personal or company-issued. These companies have a security policy in place to ensure updates to passwords happen at regular intervals, updates occur on schedule, and anti-virus is in place.
Email at Level 2 Companies at level 2 are probably paying for a dedicated email service, but they may have no idea what the security protocols are for their email server. Examples of paid services are Gmail for Business or Office 365.
Document Sharing at Level 2 Here, companies have a cloud drive set up for employees to share documents, but they may be unsure of where or how those documents are backed up.
Online Meetings at Level 2 This business is probably paying for an online meeting platform with some form of security, which is optimal!
IT Support at Level 2 These companies may be using someone's teenage son to fix their IT problems, or they may have hired an IT company to do break-fix work.
If you fall into the Level 2 category know this
Overall, you're getting there, but there is room for improvement. Stay on guard!
Devices – Check your policy and update it for the remote environment. Consider adding a password manager software if you don't have one yet.
Email – Find out what your security policies are and ensure you understand them and have communicated them to your employees.
Document Sharing – If you have a cloud drive, that is great, but without proper backups, you are putting your business at risk for losing data.
Online Meetings – Ensure all your employees update their passwords for the service you use. Make sure this is part of your security policy.
IT Support – Consider moving to a Managed IT Provider for scalable and more reliable service and security.
Level 3 - Be Vigilant, Stay Consistent
These level three companies have figured this security thing out! But they should never let their guard down because there is always room for improvement. This business likely has a dedicated employee for IT administration or have hired an IT firm to manage their IT needs. It is still good to have a backup plan for IT in case your current provider's service decreases in quality, or they do not hold to security best practices.
Devices at Level 3 This company issues and manages all employee work devices and may have a strict personal device use policy in place which is optimal. These policies allow employees to use their devices safely based on each business’ security needs
Email at Level 3 At this level, a business is using professional email products through Microsoft Office Exchange, and they may even have an Advanced Threat Protection service activated.
Document Sharing at Level 3 At this level, companies are using SharePoint or OneDrive, and files are backed up on a regular schedule.
Online Meetings at Level 3 Luckily, this is built into that previously mentioned Office 365 service with Teams! So no extra subscription or cost associated with online meetings!
IT Support at Level 3 Chances are at this level; a business may have an IT employee or a professional and proactive Managed IT Service provider.
If you fall into the Level 3 category know this
Overall, you're rocking this IT security while your workforce works from home, but don't let your guard down. Have regular talks with your IT department or service provider.
Devices – Adding a Password Manager will reduce your stress and increase security exponentially. Make sure updates are regularly occurring.
Email – If you're not using an Advanced Threat Protection service, you should! Find out what it is here.
Document Sharing – Make sure your back up services are up and running! Also, make sure you know where the data is stored and how to restore it if you ever need it.
Online Meetings – We suggest you update passwords for your Online Meeting service regularly.
IT Support – Have regular discussions with your IT support service. If you have an internal IT resource, depending on the workload for that person, you may want to seek out a managed IT services company to augment and ensure best practices company.
No matter your level, we are here to help!
We always suggest that companies seek professional guidance when security is involved. No matter what level your remote workers are at right now, we are here to provide any guidance you may need.