“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” – Stephane Nappo
Due to the COVID-19 pandemic, remote working in the UK has increased significantly. According to the ONS, in April 2020, nearly 50% in UK employment worked from home.
Although many are now returning to the workplace, a great deal are choosing to adopt a ‘hybrid’ working rota, combining working from home and the office.
It is important for businesses to consider the cyber security risks that remote working presents. This article will explore what you need to know.
What are the risks?
There are numerous risks that online working itself presents, such as phishing, viruses and malware. Many offices will have established online cyber security policies and practices in place so that their office staff can work securely within work premises. However, flexible and hybrid working opens up the opportunity for hackers to access data through new vulnerabilities.
What about passwords and encryption?
Encrypting data before sending it via email or a secure file-sharing platform can ensure that access to data remains restricted.
Enhanced cyber security options like two-factor authorisation (requiring a password and PIN for example) can provide an added layer of security. Also, any ‘mobile’ device that holds corporate data should be encrypted. These include laptops, removable hard drives, memory sticks and phones. This will ensure that if the device is lost or stolen then the data remains safe.
These safeguards are especially important when employees are transporting work devices between different locations as the likelihood of loss or theft is far greater. It is important that businesses have contingency plans in place to support staff in these instances.
Does your company encourage BYOD?
BYOD, means ‘bring your own device’ and describes when staff carry out work on a personal device. Many companies allow their staff to use their own smartphones and laptops whilst working remotely. This is often a practical and efficient solution for your employees to work seamlessly from wherever they are.
It is important to provide staff with clear IT policies, to set boundaries and retain administrative control of company data. This will help to keep devices, company networks and data secure.
What should an IT policy include?
IT policies may include a range of measures. For example, ensuring employees have up-to-date anti-malware and anti-virus software installed on their devices.
It is important that employees don’t set ‘weak’ passwords for accessing company systems. Commonly used passwords are very easy for sophisticated hackers to guess (and even those less sophisticated. This becomes even more important when employees are accessing company networks and data from their own devices.
IT policies should also cover the essential training requirements that teach employees what security measures are needed when accessing their work and why they should be adhered to. Understanding the risks of common scams (such as scam emails) enables employees to mitigate the dangers from phishing and other hacking strategies.
How can you monitor cyber security in public places?
Steps need to be put in place to enforce cyber security when staff members are working in public places.
There are several ways to keep your device safe on a public Wi-Fi network. When using public networks staff should be advised to:
- Ensure the credibility of a network before connecting. If in doubt, don’t connect.
- Disable file sharing.
- Use a VPN to encrypt data and disguise the device’s IP address from potential hackers.
- Make sure the device has an up-to-date firewall and anti-virus software enabled.
The National Cyber Security Centre offers helpful information to companies planning their remote working strategy. You can also read our blog here on tips to help keep your corporate network secure when employees are working from home.
For more information, advice and support keeping your corporate network secure, get in touch with SupPortal today.