Enter your details below and we'll get back to you.
Recent events have caused a seismic shift to the way businesses work. Those that have been able to transition to remote working have, in the most part, done so smoothly. But now’s the time to put the “new normal” under the microscope and ensure that remote working is secure and safe.
In the wake of the COVID-19 crisis, many businesses have made the decision to switch to permanent remote working, having adapted successfully to it over the last few months. This can save organisations significant overheads, in terms of office costs, and provide a more satisfying work–life balance for employees who need to worry less about the daily commute.
But remote working does present a number of challenges – particularly when it comes to cybersecurity.
According to a recent study by Apricorn, 57% of UK IT decision makers consider remote workers to be a significant security risk, exposing their organisation to the threat of a data breach. The study revealed that apathy was considered to be among the primary problems, with 34% of IT leaders stating that staff simply didn’t care about cyber security in the most part.
While getting staff working efficiently from home has been relatively pain-free for many organisations, there were perceived to be heightened risk from home network security, increased ransomware, phishing and social engineering attacks, as well as maintaining compliance.
Another survey canvassing 2,000 UK SMEs in April found that just 9% of employees had checked whether their antivirus software had been updated recently. The survey, reported by the Cybersecurity Association, also stated that 18% of staff were working from unprotected devices and just 26% had access to IT support from their employers.
Of course, the dangers of remote working aren’t limited to smaller enterprises. In fact, the logistical challenges faced by larger companies and the greater number of devices being used makes managing risk a greater challenge. And with phishing attacks, in particular, on the rise (one report claimed that phishing emails had spiked by 600% since February), any employee with an email address represents a potential target.
Thankfully, there are steps that can be taken to mitigate the risk of cyberattacks amongst remote working teams.
Simple measures are often the most effective, such as strong and regularly updated passwords on all devices. It’s more difficult to enforce the use of good passwords in remote working situations, but employers should highlight their importance to all team members.
With greater connectivity comes a larger threat surface area, so care should be taken when adding smart devices such as heating systems, fridges and home assistants to any network being used for work purposes. The recent explosion of smart devices and in-built connectivity has undoubtedly provided many benefits to households. However, the rapid release of these technologies has, in many cases, been done without adequate consideration to security.
In particular, home assistants such as Alexa or Google Home are thought to pose a significant threat to privacy. They can and have been proven to listen in to conversations and obtain confidential information.
For example, a work call to a colleague containing sensitive information might accidentally be recorded and find its way into the Cloud where it has no protection. Furthermore, hackers have been known to gain access to device cameras in the home to track activity and gather information.
Making sure these devices are configured correctly and patched when updates are released is crucial to good security foundations in the home. Where possible, work in a room away from smart devices with microphones or cameras.
With video conferencing becoming more commonplace in recent months, it’s important to remember the potential security risks that these platforms bring. Zoom, for example, saw its membership soar during lockdown, but has also been the subject of much controversy regarding its data protection, or lack of.
Without office controls on such platforms, it’s up to employees to monitor the security of their communication apps. Corporate and paid accounts are, on the whole, much more secure than free alternatives.
A secure network is one of the most effective barriers against IoT hacking. In general, home networks are less secure than workplace networks, and the router is often a weak spot.
Older routers are likely to host vulnerabilities that hackers can exploit, and access at router level can give hackers a doorway to sensitive information and network controls. Using a company VPN is advisable for organisations wherever possible, as it can significantly reduce many of the risks presented by remote working. But it is important to note that a VPN isn’t a guarantee of protection against all remote working threats.
Cloud-based platforms like Office 365 and G Suite are also useful, especially in remote settings. These platforms allow employees to access most of what they need securely, without connecting to the company VPN.
Of course, improving security measures to protect a business and its disparate workforce requires resource. According to a recent NCSC report, 90% of attacks are enabled by employees making mistakes or acting irresponsibly, which makes it clear that providing adequate training, guidance and support to staff is an important starting point. Giving team members the knowledge to make the right security decisions at home will dramatically improve an organisation’s risk posture.
Are you investing in your training and security post-lockdown? If you want to ensure that your business remains safe, secure and compliant now that you’ve established your new normal, the team at SRM can help. Find out more about our remote working support by contacting us today. Click here or alternatively call us on 03450 21 21 51.