Chris just coughed again. The entire office is eyeing him nervously. Google and Uber just announced all employees should be working remotely. You’re thinking- ‘is it time to tell the team to skip their commutes and do the same?’
As diagnosed cases of COVID-19 continue to rise in the UK and abroad, many employers are encouraging their employees to work from home to curb the spread of the disease. But it’s important to remember that remote working comes with its own risks. They may not send you to hospital, but a data breach due to poor cyber hygiene could do serious damage to the health of a business.
As a company that empowers other companies to take control of their digital security, we at CyberSmart are urging businesses to take swift measures to prepare their employees for working outside the office.
“Organisations are in the business of risk management and this no different. It’s so important right now that businesses be able to maintain continuity as they respond to the COVID-19 pandemic,” says Jamie Akhtar, our CEO here at CyberSmart.
“But part of that continuity means not opening the door to cyber attacks as employees access data from different locations.”
In addition to other risks, it’s possible that hackers, aware of the corner-cutting and relaxed security that can come with home working, may take advantage of the opportunity that comes with this corona confusion.
So what measures can you take to protect your employees and your customers?
Multi-factor authentication
According to this year’s Verizon Data Breach Investigations Report, 29% of attacks involved stolen passwords. Adopting a policy of multi-factor authentication (MFA) ensures protection is not limited to password encryption.
In addition to encouraging employees to create strong passwords, requiring MFA when logging into company portals adds an additional layer of insurance.
Only allow remote working on secure networks
When a team is used to working side by side in an office environment, the transition to a purely digital space can be hard on communication. If you don’t have your own channels in place, employees may begin to send sensitive information using their personal accounts such as cloud-based platforms like Dropbox or even through texting and social media.
Be clear about the channels your team will use to communicate with each other during this time so your company data isn’t unnecessarily exposed.
If your team is going to be working remotely, request that they use a VPN (virtual private network) or a secure home network with strong end-to-end encryption. Public spaces with open WiFi should be avoided.
Limit access to sensitive data to those who really need it
According to the 2019 Varonis Global Data Risk Report, 53% of companies found over 1,000 sensitive files open to every employee and 22% of all folders open to every employee.
Access to key system privileges and data should really only be granted to those for whom access is absolutely essential. Sometimes in remote working situations, employees may try to save time by downloading or saving company documents to their personal devices or in the cloud.
If a user can access only the data and services that they need for their work rather than all of the companies files, then only those particular areas will be affected if their account is compromised.
Require all employee devices to have security software installed
This is probably the most critical step for protecting against cyber threats with a remote workforce.
If you are encouraging employees to work from home, it’s important that the laptops and phones they will be using for work are as secure as those in the office. They should be fully equipped with a firewall, antivirus protection, and updated software programs.
Even for small teams, ensuring that every device of every employee has up-to-date security measures can seem a daunting challenge but it only takes one point of entry for a breach.
Many of the suggestions we’ve made here are requirements for the government guidelines represented in the Cyber Essentials certification scheme. As your team experiments with remote working, this may be a good time to consider getting certified for data security.
Our mission at CyberSmart is to help protect small and medium-sized businesses from cyber risks. That’s why we’ve developed CyberSmart Active Protect, an app that can be installed on any device – personal or professional – to routinely monitor its security levels.
Active Protect is based on the strategy behind the government-backed standard of Cyber Essentials. The idea is that by following a series of basic but key precautions, businesses can prevent 98.5% of cyber attacks. It continually runs in the background of your device, assessing its security, letting you know when your devices are failing the security checks, all whilst reporting to the main dashboard for your company admin to act if necessary.
Want to learn more about our round-the-clock security app or getting certified in Cyber Essentials? Over the next month, we are offering free consultations for businesses who are worried about their digital security. Give us a call at 020 3820 7501 or email us at [email protected].
