Tom Henson, Managing Director of Emerge Digital, highlights 10 ways to keep your remote workforce – and your business – safe from a cyber attack.
Since the start of the pandemic we were encouraged to stay at home and stay safe, but how often did we stop to consider how IT cyber security factored into our new flexible working practices?
It’s understandable that as everybody rushed to enable working from home, concerns over cyber security weren’t always a top priority. While a lot of money and time has been spent protecting the IT inside our office including firewalls, network security, device updates and even physical security to protect server rooms, when staff started working from home a lot of these security measures were gone. Employees are no longer in that security bubble, so they – and your business – became an easier target for cyber criminals.
61% of businesses are estimated to have issued work devices to employees.
65% of those businesses did not deploy any new antivirus solutions for those devices.
We have seen an increased demand for our IT cyber security services, which is unsurprising when you hear that while 61% of businesses are estimated to have issued work devices to employees, amazingly in the rush to distribute them, 65% did not deploy any new antivirus solutions for those devices.
The cyber criminal has seen a weakness and they have targeted it. But with some good cyber security services, there are ways to protect your remote workforce, and your business from this increase in malicious cyber attacks.
1. Create a secure connection
A Virtual Private Network (VPN) is nothing new to many remote workers. It’s almost like connecting a cable from the machine in your house all the way back to the office. Everything going in and out of that machine goes through the office firewall, which is a great way to protect that machine, and your business, from the wider world. As businesses move to a fully hybrid working model they won’t have a physical network to connect back to, but there are a number of cloud IT services and cyber security services that offer an enhanced level of security.
2. Scan and secure email and establish a healthy email practice.
33% of cyber attacks get in via email. Typically, staff members are tricked into clicking links that they shouldn’t, which then either try and extort passwords, or deploy malicious files. The good news is there’s a lot of technology that can help. Microsoft Defender for Office 365 (formerly Advanced Threat Protection) in the suite of Microsoft 365 services, for example, is an easy to use tool that helps scan links or attachments for malicious content or potential viruses. This example of cloud IT services can help reduce the likelihood of threats getting in, but also remind people to watch out for these threats and be mindful of what they’re clicking on.
3. Enabling web filtering
When somebody clicks a link that is designed to do something malicious, like taking them to a malicious website, web filtering can really help reduce the likelihood of that threat executing. It stops staff stumbling upon a site that is going to try and infect their device or network.
4. Protect your company data
Big data allows organisations to capture, store and utilise so much information, while Power BI allows us to visualise it in new ways. But the more we collect, the more we can lose. As companies migrate to the cloud, they can share data through cloud platforms like Office 365 or SharePoint, but without those tools and a secure cloud firewall, remote staff will find alternative ways to share data and information that are potentially unsafe. Providing a way to safely and securely share information and data that is accessible by a remote workforce can prevent these unsafe practices.
5. Don’t use USB sticks
This seems to have dropped off the radar somewhat in recent months, but bringing USB sticks into a business is largely unsafe and something that should never be encouraged. People saving information from a home PC on to a USB is one of the easiest ways to share a virus. They may not know that their home PC is infected with a virus, they put the USB stick into their work machine to copy the files and potentially the virus is in.
6. Keep devices up to date
When a software company like Google or Microsoft release a security update, the criminals can compare the old version with the new version and see where the holes that the security patch is trying to plug are and they can exploit it. They also know that their virus will work for years to come because many people don’t keep their machines up to date. So keeping devices up to date is one of the easiest ways to reduce the likelihood that you will be exposed to threats.
If a work device is being used at home, it is at greater risk of being stolen, lost or falling into the wrong hands. Encryption makes sure any information or data on that device cannot easily be accessed. This is particularly important if you store personal or identifying data about others.
8. Take greater control of mobile devices
Nowadays, if staff have installed the required software and are connected to your company systems, their mobile devices have access to as much data as a laptop or desktop. Your choices are either not to let people use mobile devices, which is restrictive, or use them but make sure that you keep those devices secured in exactly the same way as you would a business laptop.
9. Look out for shadow IT
Shadow IT is where, without access to the necessary software, staff find alternative platforms to help them complete their work. They think they are working smarter or faster, but these platforms are outside of your control, which means you have no way of knowing if they are secure or not.
10. Reporting security issues
Making sure employees have a way to report security issues – and feel safe doing so – will ensure the impact of a cyber attack is minimised. Often the types of attacks are not particularly sophisticated, but they are designed to trick people into doing things they wouldn’t normally do. But if a cyber breach is reported quickly, normally, it can be stopped before any damage is done or the damage is at least minimised. If people make a mistake but don’t report it and it’s left to run then clearly the, the damage could be far greater.