Much has been discussed in the last few weeks about remote work, as many startups around the globe adopt this mode of virtual presence to cope with daily tasks and keep business processes alive.
Although almost every startup already has their favorite messaging and online collaboration cloud-based software, this article does not focus on their battle for the hearts and minds of entrepreneurial teams. It concentrates, instead, on the simple measures that any startup can take to reduce the probability of cybersecurity issues, now that even a larger part of their work flow will pass through online channels.
- Use secure online collaboration tools
Verify if the online collaboration tools that your team is using have end-to-end encryption and private data storage. Good examples of such online tools are Zoom, Trello, Flock and Slack.
2. Tell your team to avoid public wifi
Public wifi networks are a major source of illegal tapping, phishing and identity thefts every day around the world. Imagine making a purchase and having your corporate card cloned in the process. If you have no choice but to use a public wifi network, keep its use for non- transactional and non-payment operations, or use a Corporate Virtual Private Network (CVPN) software for all your employees instead of individual ones.
3. Make sure each startup computer has antivirus software active
This is one of the most basic recommendations in any cybersecurity list, and still many companies simply ignore it. When your devices have an up-to-date antivirus software license, you can worry less about detecting and blocking malware, suspicious content or links.
4. Set up two-factor authentication
Using two-factor authentication (2FA) and two-step verification (2SV) involve adding an additional layer of protection to your accounts. It might be confirming a random code you receive through SMS or email message, or via biometrics as finger print, eye or facial recognition. This way, if one of your passwords leaks or becomes the object of a data breach, hackers will have low probability of logging in to your account, without previously having access to your mobile phone or primary email. An even stronger protection is to use a second email account that only you know about, where you receive only those 2FA / 2SV codes.
5. Secure your home router
This one is really simple. Most of us have never changed the password in our home router since it was installed by the internet provider, leaving us more vulnerable. In addition to changing your router password, make sure firmware updates from the manufacturer are installed, so that the security is up to date, not forgetting to choose encryption type WPA2 or WPA3.
6. Use encrypted email and instant messenger channels
In remote teams, email is one of the two most commonly used digital channels. As sensitive documents and information are usually shared via email, it’s considerably risky to work with providers that do not offer end-to-end encryption, offering backdoors for hackers to steal information and install Trojan horses. CounterMail from Sweden, ProtonMail from Switzerland and TutaNota from Germany are good secure email service providers based in Europe, while Brosix is a robust option for corporate secure messaging based in Bulgaria with clients around the world.
Finally, and more importantly than any digital service you can install, make sure that your team is trained in behaviour that minimizes the risk of data leakage, such as not sending username and password pairs through one message and one vehicle, but through two channels and media and in code. Having a quick team call to go over the list above, and any broader company policies that you might have, could help get everyone on the same page and avoid future issues that could be difficult to clean up.