With a mission to inform, empower, celebrate and advocate for British Columbia's current and aspiring business leaders, BCBusiness go behind the headlines and bring readers face to face with the key issues and people driving business in B.C.
Issue link: http://digital.canadawide.com/i/1296256
BCBUSINESS.CA SEPTEMBER/OCTOBER 2020 BCBUSINESS 61 part from the chal- lenges to teamwork and supervision, hav- ing employees work from home increases the risk of a digital security breach. Home wifi net- works and devices tend to have lower barriers to entry than in-office systems, with weaker passwords and less secure con- figurations, says Kemar Wilks, senior digital forensic exam- iner for Richmond-based TCS Forensics, a cybersecurity and investigation firm. He advises companies to: ■ Follow regular computer network and software patch management protocols and ensure that security versions with all computers and mobile devices employees use for work—including their own—are up to date. ■ Instruct staff to use strong passwords and multi-factor authentica- tion (MFA), which requires two or more steps to log into company networks and applications. (Micro- soft's Office 365 suite, for example, doesn't use MFA as a default setting, so you have to add it.) ■ Plan and organize remote vulnerability assessments or penetra- tion testing on virtual private network (VPN) security and web applications. This usu- ally involves hiring an external IT contractor—a "white-hat hacker"—to send phishing emails or try to break into the VPN portal to see how far they can get. ■ Conduct virtual security awareness sessions with staff to help them recognize phish- ing emails, misuse of the orga- nization's intellectual property and other security issues. BYOD CAREFUL If staff are using their own computers or mobile devices to access company email, networks and servers, Wilks further recommends that employers: ■ Utilize mobile device management (MDM), which lets companies control their data even if it's on an employee's phone. If the device is lost or stolen, the data can be imme- diately wiped to protect it from getting into the wrong hands. ■ Use geolocation restrictions. This means an employee can only access data when they're physically located at certain places such as their home or on the company's premises. ■ Only allow access to devices that meet security require- ments. In effect, an old unpatched phone with 1234 as the lock code shouldn't have access to the company's data because of the potential vulnerabilities. Some MDM ser- vices enforce this feature, but it's important for the IT staff to ensure that it gets done. ■ Get employees to review and minimize the permissions for any installed non-work- related apps. For example, a calculator app shouldn't need to access your photos, videos, calls and messages. —M.M. Working remotely may be the new normal, but it comes with digital risks. Here's how to protect your business A S K A L E A D E R OVER THE NEXT FEW YEARS, HOW DO YOU EXPECT WORK TO CHANGE AS A RESULT OF COVID? Historically, com- panies have been driven by profit, and while that is still important, there is an increased emphasis on balanc- ing a profit-centred business with a people-centred organization. Taking care of the health and well-being of your workers is paramount. Moving forward over the next few years, the focus will shift and rebalance itself from purely share- holders to more inclusively include stakeholders. – SCOT T THOMSON, president and CEO, Finning International