Cybersecurity Dos & Don'ts for Remote Working
Date: 1 April 2020
2020 saw a huge shift to remote working due to the global health crisis, and this may be a trend that will continue even once the pandemic passes. In fact, 74% of companies worldwide plan to encourage the trend of employees working remotely.
While this flexible working arrangement is definitely more convenient, it doesn’t come without its own set of risks — particularly in the realm of cyber security.
In fact, a recent report revealed that U.K. businesses lost at least £6.2 million due to cyber attacks in 2020. To reduce the chances of your company suffering a security incident or data breach because people are working from their home offices, it is important that you reinforce some sound cybersecurity strategies.
Here, then, are some basic dos and don'ts to keep in mind if you have a lot of remote employees.
You can also download our Remote Working Cybersecurity Checklist for more detailed and advanced information on how to keep your business & sensitive data safe when you have remote workers.
DON’T: Use public networks
Some public Wi-Fi networks need a password to log in, but that doesn’t automatically make them safe. Public networks are not secure, meaning other people can easily access them and there’s no firewall keeping you safe from malicious entities. One danger is that you might end up logging on to a rogue network. This is when a cybercriminal’s rogue hotspot pretends to be a public network, acting as a ‘middleman’ between you and the real network. This allows them to see all your online traffic and even the credentials you use.
DO: Ask employees to use a VPN
VPNs are a popular cybersecurity tool. While employees may use their own VPNs, some might skimp and go for cheaper or even free ones. There are even fake VPNs out there that might end up stealing your data. Instead, opt for a business VPN, such as Perimeter 81, which has a server designed for business users. Business VPNs protect the company's data and security, not just the employees’. Confidential data and important files can be sent and accessed safely. Aside from encrypting traffic, VPNs act as a proxy to the internet.
DON’T: Rely on just the home office router’s firewall
Home office routers already have default firewalls that keep intruders and third parties from infiltrating your personal gadgets. However, attackers have figured out how to hack them. Consider supplementing your home router firewall with a hardware firewall. It uses PCBs that are designed and manufactured using materials like solder mask, silk screen, and copper all on one board. The small board can accommodate elaborate security functions to ensure your network is safeguarded against external threats.
DO: Keep your software up to date
Computer updates aren't just there to add features, improve existing ones or give you more speed. Software updates also patch security flaws. After all, cybercriminals are always coming up with new malware and looking for security lapses in your organisational IT infrastructure. So before you shrug off that software update notification, think twice, as you might be putting your device and your business's sensitive information at risk.
DON’T: Assume that your business is safe
This is the most important thing you should avoid. As previously mentioned, cybercriminals are always looking for ways to attack businesses and individuals. According to 2021 cybercrime predictions, there is a cyber attack every 11 seconds and it will cost the global economy at least £4.2 billion a year. Truth be told, the perfect security strategy doesn’t exist. However, having enough measures in place can significantly lower your chances of being targeted. It is also important for both employees and employers to have some basic level of cyber security training so that they understand what repercussions their actions can have.
DO: Learn about phishing attacks
Executives and cybersecurity professionals aren’t the only ones who need to know how to handle cyber attacks. Unfortunately, even the best VPNs and anti-virus software won’t be able to do anything if employees fall prey to phishing attacks. You can train them by conducting phishing simulation tests, which can help them recognise phishing attacks. On top of this, you can also consider holding internal training or providing them with high-quality literature so they can educate themselves on common cyber threats and attack mechanisms.
Download Cyber Management Alliance’s hugely popular Remote Working Cybersecurity Checklist here and distribute it amongst your employees to help them work securely.
You can also download NIST's technical Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.