Six Best Remote Work Strategies 

/in

Remote Work Strategy in Action

If you have remote workers, then how you manage your business and employees has, and will continue to change. We often talk about the technology that makes remote work efficient and that can help integrate teams. But supporting remote workers requires a broader perspective and understanding of the workplace.  As employers, we remain responsible for providing a safe, effective workplace regardless of where our employees work. Here a few considerations as you plan your hybrid business and remote work strategy.

If you have remote workers, then you should consider the following six best practices for a remote work strategy.

Six of The Best Remote Work Strategies

  1. Are responsible for their work environments, including the same health and safety regulations that apply in the office.
    • Ensuring safe and appropriate workspace ergonomics, sound levels, lighting, etc. are responsibilities of the employer.
    • Provide your remote workforce with appropriate furniture, lighting, and ergonomic tools.
    • And yes, an employee working from home might be eligible for Workers’ Compensation if they trip over their dog while working.
  2. Need to accurately track and manage working hours for non-exempt employees.
    • Avoid wage and employment related liabilities by ensuring hourly workers are compensated for all work time, including when they respond to the random off-hours email.
    • Setting clear policies and expectations can help avoid work hour, wage, and employment issues.
  3. Are responsible for ensuring their work is secure.
    • Remote work environments must be managed and secured to the same levels as those working in the office.
    • Data privacy regulations, such as HIPAA, PCI, and SEC17, do not end at the office door.
    • Networks, systems, applications, and data require the same levels of protection regardless of location.
    • Similarly, physical protections must be in place for printed documents.
  4. Can be accountable for intellectual property stored on personal devices.
    • Establish a clear policy and procedures for the use of personal devices for work.
    • Include the need for the company to install software or productivity tools to manage the business’ information on the device, including but not limited to cyber protections, personal/work data separation, local encryption, backup/recovery, and the ability to remotely remove work related data in an emergency.
  5. Want to avoid “in-person” bias.
    • Remote workers need mechanisms and unified communication options to participate in the informal conversations and interactions we take for granted when working in an office environment.
    • Supervisors and managers should help workers establish and build effective relationships, including those that offer mentorship and guidance, with direct co-workers and others in your firm.
    • Measures of performance should, explicitly, avoid the implicit bias that in-person visibility correlates to better involvement and teamwork.
  6. Should understand the tax implications for your business, and employees related to working remote.
    • Having employees in other tax jurisdictions can make proper payroll tax withholding and filing more complex.
    • States may or may not have reciprocal agreements and some states are imposing new rules.
    • Remote workers may create nexus in some jurisdictions, triggering sales tax and other tax obligations.
    • Work with your attorney and financial advisors to understand your requirements and to ensure compliance.

Next Steps to Create a Remote Work Strategy

Cloud infrastructure technologies help facilitate remote work and hybrid work environments. You can deploy systems, apps, and tools to make remote and hybrid work efficient and secure. Remote and hybrid work models, however, span every aspect of your business.  Policies, procedures, operations, and culture all require attention, planning, and support.

Work with your legal and financial advisors, and your HR resources, to ensure  your remote/hybrid plans will benefit your business.

Service Update: Advanced Threat Protection

/in ,

Service Update Announcement

Beginning July 1, 2022, Cumulus Global is adding Advanced Threat Protection services to all clients using Microsoft 365 and Google Workspace.

With more than 40% of cyber attacks targeting small businesses and two thirds of attacks using email, Advanced Threat Protection is no longer an option. The stakes are too high. Recovery takes an average of 21 days and 60% of small businesses fail within six months of a successful attack.

To minimize the impact, we are waiving the standard setup fee and discounting the service by 20% for customers with an annual commitment. The fee will be reflected on your annual invoice or monthly invoices, as appropriate.

You may opt out of the Advanced Threat Protection service. To opt-out, please notify us by email prior to May 25, 2022. If you elect to opt-out, please review the terms of our Service Level Agreement as posted on our website.

Please contact us or schedule time with one of our cloud advisors if you have any questions.

Business Email Compromise – The Costliest Type of Cybercrime

/in

Email, Communications, & MobilityBusiness Email Compromise

While the massive number and scale of ransomware attacks get the most media attention, Business Email Compromise (“BEC“) attacks are the costliest type of cybercrime.

What is a Business Email Compromise (BEC)?

In a BEC attack, the criminal impersonates you and convinces somebody who trusts you to send money. While successful attacks often begin with unauthorized access to your email account, savvy criminals use email and domain impersonation techniques. They trick others into thinking that you are asking for, or instructing them to complete, a money transfer.

As we noted in a recent post, real estate agents and brokers are prime targets of Business Email Compromise attacks because they regularly discuss transferring large amounts of money with their clients. As noted in this recent email scam article from the Associated Press, however, BEC attacks are hitting a wide range of small businesses, nonprofits, and schools.

Business Email Compromise attacks succeed when cyber criminals are able to collate enough information about you to gain access to your account or impersonate you.  Here is how they do it:

  • Given that you use your email address to log into many systems, a third party breach can provide attackers with your email address and enough information to calculate your password.
  • Third party breaches often provide hackers with enough personally identifiable information (PII) about you to launch a successful phishing attack that captures your username and password.
  • Scanning social media posts can also provide hackers with enough PII to successfully phish for your identity.
  • Malware, known as an Advanced Persistent Threat (APT), that makes it past your endpoint protections can gather usernames, passwords, and other information while running undetected on your computer.

How to Prevent Business Email Compromise

Protect Your Identity

To keep your email account secure, you need to protect your identity.

  • Understand the risks and follow practical advice for safe online hygiene. Use unique, complex passwords across systems; avoid oversharing personal information; and learn to recognize phishing and impersonation attacks.
  • Use “Next-Gen” endpoint protections to prevent zero-day attacks, APTs, and more traditional forms malware.  These solutions use heuristics, AI, and behavioral analysis of files to identify an attack. They can also “roll back” changes to stop an attack.

Secure Your Email Service, and All of Your Services

Even as you protect your identity, you still need to secure your email service through proper data protection and security services.

  • Advanced Threat Protection (ATP) protects your account from phishing attacks, bad links, infected attachments, and other risks. ATP verifies sender information and test links and attachments in a “sandbox”, allowing safe messages to arrive in your inbox.
  • Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA), can prevent access to your accounts if your username and password are compromised.
  • Ensure that all of your information is encrypted at-rest and in-motion. Your email service should use Transport Layer Security (TLS) to encrypt messages between sending and receiving services.  Encrypt files on your local disk, on any file servers, and in the cloud.

Prevent Email and Domain Impersonation

As noted in a recent blog post, you can use three (3) different levels of email security to prevent email and domain impersonation.

  • Sender Policy Framework (SPF): Authenticates addresses you use to send email.
  • DomainKeys Identified Email (DKIM): Digitally signs messages to ensure emails are not altered en-route.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Authenticates email origin and instructs recipients how to process bad messages. A DMARC service will track and report any potential issues.

These protocols and a DMARC monitoring service offer the best protection against BEC and impersonation attacks. They also help improve the deliverability of your email. Our ebook, Email Security: Good, Better, Best, dives deeper into this topic.

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.