Remote working has brought significant additional risk to the Cyber Security of businesses and organisations. Our Technical Director, Rupert Walmsley has produced a video explaining the considerations that business owners should make. Read and digest the salient points below; they could make the difference between an efficient, smooth-running business, and one that is hit by a debilitating cyberattack.
Firstly, consider how many unknown devices and locations are being used to connect to your company’s most important data. Are you staff using company-purchased kit and networks, or are they working with their personal devices via home networks? And if they are using their own laptop, for example, do other people have access to it for personal use? Is the personal kit up to date – has it got the latest security updates in place? Is even basic anti-virus software running on the system?
Have you considered where your team members are working?
Are you allowing home working only, or can networks be accessed from public locations, such as coffee shops, where there are prying eyes. Are you using VPN which increases security? And are there legitimate connections being made from abroad? Consider the criteria by which you want to allow access to your data and then put security measures in place specifically to meet those criteria.
Increased availability to access is also a consideration, such as logon hours
Traditionally, it’s been possible to limit logon times to those during which staff will be working. As we all know the 9 to 5, Monday to Friday structure was being nibbled away at before the pandemic but the past 18 months have dramatically accelerated change. It’s now much more widely accepted that productivity is increased when staff can work hours that better fit their lifestyle. Cloud services, available 24/7, are designed to cope with new working patterns, but these also open up the opportunities for hackers to pounce.
If ports within the VPN, for example, are opened up to allow remote working logons, it makes it easier for criminals to worm their way in using common usernames and passwords. Also, which software is begin used to allow logons – is it company-sanctioned software or an application that a well-meaning staff member has installed off their own bat? And are we allowing access to a specific resource or our entire network – consider which resources each individual / team need and only allow access where it’s essential.
Human behaviour is another vital consideration
Most people want to do the right thing, and want to get their job done. However, when working remotely, they may find creative workarounds on their home machines and networks that aren’t possible within the work setting and network. A recent survey found that 67% of remote workers transmit confidential information using personal accounts! Reasons given were that certain apps were easier to use, and because they hadn’t been told not to.
Remote workers must be made aware of the risks to the company when they don’t use company-sanctioned hardware and software. Additionally, business owners need to take control of the situation by putting processes and systems in place to make remote working straightforward, efficient… and secure.
Increased email traffic has given hackers more opportunities
Cybercriminals have recognised that email is more widely used as individuals work in different locations and have upped the number of email phishing attacks.
Remote working / hybrid working is here to stay
As IT providers we work with business owners to discuss remote working Cyber Security risks, the amount of risk that is acceptable, and what needs to be carried out in order to minimise risk. Every business is different and will need particular functionality at their fingertips. Having the right policies, hardware and software in place is vital, but individuals also need to take their responsibilities seriously. We all understand our health and safety obligations within the workplace – we now need to ensure that Cyber Security achieves similar recognition and status where responsibility is that of everyone.
Using a trusted IT provider can make a huge difference to the success of your Cyber Security measures. At Net Primates we are in frequent contact with Cyber Security specialists around the world, learning about the latest threats and sharing vital knowledge. We bring that knowledge to every conversation and can help you to make essential Cyber Security decisions that balance working considerations with associated risk.
What can you do now?
Review your existing remote working facilities. Document which applications and services are acceptable within your business and encourage staff to let you know what they would like to use – they may well have many good points. And watch the Collaboration video – next in the series – to maximise your chances of Cyber Security success.