With remote working on the rise faster than ever due to the COVID-19 pandemic, workers and businesses are now facing a whole new set of challenges. One of these challenges is how to stay secure online now that technology allows us to be more mobile than ever before. Even if they’re not spending all day out of the office, workers now check their emails on the go or take their devices with them to offsite client meetings, using other networks to log on. Actions like these could be putting your business at a higher risk of a cybersecurity attack if the proper measures haven’t been put in place.
With teams now divided between many more locations and using mobile devices without the sophisticated protection that an office system usually provides, it’s crucial that employees are aware of the risks, have the equipment they need and are following best practices to keep company data secure.
The first thing workers will need when working remotely is a reliable internet connection that is secure. This isn’t always readily available to everyone, especially at short notice. Some workers might resort to using a Public Network such as those available in coffee shops, hotels or airports, for example. This can be risky as the majority of security incidents relating to Wi-Fi take place over public networks.
In a survey conducted by Spiceworks, 61% of respondents said that employees at their organisation connect to Public Wi-Fi Networks on company owned devices. iPass’ Mobile Security Report from 2018 revealed that 81% of the organisations surveyed reported a Wi-Fi related security incident over the previous 12 months. In the UK, the vast majority of these took place in cafes and coffee shops.
While the risks of using Public Networks is clear, workers continue to use them on company owned devices.
Some workers may use their own computer or laptop for work purposes which presents a whole host of security issues. Your organisation will not have control over the security settings or capabilities of such devices. There is also the risk that by allowing workers to use their own devices and connect to the company’s network, malicious software could penetrate your security.
Mobile devices also present difficulties as many workers now have work-related apps or documents accessible on their phones. A report compiled by Wandera in 2020 revealed that 57% of organisations surveyed had experienced a mobile phishing incident and the vast majority of these occurred outside of email.
There will always be a security risk if employees are sharing work devices with family or friends. No matter how trusted an individual might be, there’s always the risk that they will click on a dangerous link or visit a website that puts you at risk of a security attack.
There is also a risk when employees use their work computer for personal activities. The best scenario is to have separate devices for work and personal use.
Over 90% of successful cyber attacks are a result of phishing attacks. This is when an attacker attempts to trick you into sharing personal data, such as bank card details or passwords, by pretending to be a trusted resource. A lot of these are easy to spot and many of us automatically remove emails or messages we don’t trust without even opening them. However, many of these attacks are becoming more sophisticated, even preying on fears prompted by Coronavirus. TechRadar reported on the increase in phishing attacks in the first quarter of 2020.
These guidelines might state that only company issued devices should be used for work purposes and that these should never be connected to Public Networks. There might be certain applications or tools that you don’t want your employees using for security reasons. You might want to impose a strict ban on sharing devices.
Whatever guidance your IT department may want in place, make sure that it is clear and easily accessible to all staff. All new staff should be given this guidance and existing staff should be encouraged to refresh their understanding of the rules regularly. Staff should be notified if an update is made to the guidance so they can adjust their behaviour as quickly as possible.
A VPN, or Virtual Private Network, allows you to connect to the internet via advanced encryption protocols to add security and privacy to your connection. Many businesses have been quickly adopting this technology over the last few years, however, the recent surge in remote working may have had a toll on their VPN network which probably won’t have been built to handle it. Increasing VPN capacity is crucial.
Keeping software and devices up to date reduces the risk of a security breach. Software updates do lots of things, crucially they fix any security holes that may have been discovered. If these aren’t repaired, hackers can take advantage of these weaknesses and infect your device. If your device becomes infected by malware, the hacker could steal your data, gain control of your device or encrypt your files.
Keeping your software up to date will also help to keep your devices running quickly and smoothly and give you access to any new features.
With more staff working out of the office and taking devices with them, there’s the risk that more of these could get lost. Using cloud-based software to store files means that you don’t have to worry about USB sticks or external hard drives containing sensitive data being lost or left lying around. Many businesses are turning to solutions such as Google Drive or Dropbox for convenience and the fact that your cloud data will generally be more secure than your local files.
It is relatively rare to find an employer who offers comprehensive cybersecurity training for their employees. Teaching your staff how cybersecurity breaches occur and what they can do to help prevent this is likely to reduce the risk of a breach. In order for your staff to practice good digital hygiene, they need to understand what the threats are and where they are coming from. A study carried out by Aberdeen Group & Wombat Security Technologies showed that even a relatively small investment in cybersecurity training has a 72% chance of significantly reducing the business impact of a cyber attack.
Employees should know what indicators there may be that one of their devices has been attacked. For example, has their laptop’s speed slowed down? Have mysterious applications or pop-ups appeared? Or have they experienced instances where they’ve lost control of their mouse or keyboard? They should also know who to notify if any of these things happen.
At the very least, employees should be advised on protocol for securely storing devices, developing and regularly updating strong and unique passwords, using two-factor authentication for third party services and policy on visiting non-work-related websites.
Even with all of these measures in place, it’s important to recognise that a breach may still happen. It may be a security weakness in some software or an employee clicking on a suspicious link in an email. If the worst does happen and you do fall victim to a cybersecurity attack, do you have a plan in place? Make sure you have a clear action plan in the case of a security breach and ensure that your IT department and management team know what this is so that it can be rolled out as quickly and smoothly as possible, minimising any damage.