Remote working has exploded since the start of the Coronavirus pandemic but it was already becoming pretty popular before Covid-19 hit as advances in technology has made a seamless connection with the office and the rest of the world so much easier. Data from the Office for National Statistics reveal that around 24% of the employed workforce were working from home in October 2020 and the imposition of lockdown has demonstrated to many companies that the office workspace might now be due a rethink.
Homeworkers are becoming converted to the upside of losing the hassle, time and cost of the daily commute plus the sheer flexibility that homeworking can offer around family life. However, for employers, whether the switch to homeworking was a growing trend or imposed on them by Covid, there are some serious issues to consider not least of which is online security for remote workers.
What are the unique security issues facing remote staff?
Remote working presents a series of potentially significant security risks which include:
- Poorly managed or vulnerable Wi-Fi connections
- Weak passwords and logins
- Vulnerable collaboration tools to link the workforce together
The potential rich pickings of remote working have not been lost on hackers and cyber criminals who have taken full advantage of the Coronavirus pandemic to exploit technological weaknesses in workforces who were bounced into remote warning in early 2020 with little or no warning.
Phishing emails have increased exponentially some of which shamefully surround the Covid disease itself impersonating medical organisations or more recently scams connecting to the recent January tax deadline for HMRC. The devastating effects of a data breach need no explanation but to add insult to what can be a very nasty injury, GDPR, introduced Europe wide in 2018, means that now businesses and corporations are also fined for any data breach they incur.
For organisations already squeezed by the impact of Covid and the challenge of managing remote workers during uncertain times, the prospect of securing their networks can seem daunting and potentially expensive. In reality, some very simple steps can be taken relatively effortlessly to help secure devices and data.
What are the most common types of threats for remote workers?
Covid-19 and remote working has created the perfect storm for phishing and the most common type of phishing attack still remains via business email. However, other types of attack are also on the increase in particular malware and ransomware.
Malware is as the name suggests a malicious bug or software which can make a device unusable and/or assume control of it, making it easy to lift confidential data. Ransomware takes this one step further and will lock up company data until a ransom is paid to release it. Amounts requested can be massive with no guarantee of a happy outcome either.
All these threats demand more proactive defence, a cohesive policy of security including reviews and updating and deployment of the latest software to stay safe.
What is MFA or Multi-Factor Authentication?
Some businesses have already blazed a trail on this simple step, it just means adding another one-time layer of security to a current login and password, for example, sending a unique code or pin to a mobile phone. Face recognition or fingerprint identification can achieve the same outcome.
There are two aspects to this very popular trend as far as security is concerned and these are:
- Use a secure platform – some are better than others and whatever package is chosen it should be business grade and not just designed for home or social use. Make sure employees are given the right facility and they can only speak to their colleagues via this route e.g. Zoom for Business
- Ensure that there is a written company policy that outlines what can and cannot be exchanged in a communal call or team meeting – it is so easy to take screenshots that can end up being shared with third parties or people who would not see this data under normal circumstances in the office
Review your VPN
A VPN or Virtual Private Network provides holistic end to end security which is especially tested when staff are working remotely. There are a few key steps that can beef up security such as:-
- Use strong passwords so a mixture of numbers, letters and characters
- Insist employees change their passwords regularly, this has to be mandatory so the system warns and reminds them and then they are compelled to do it
- Encryption should be mandatory
- House business documents in a safe location which requires conditional access
- Use information protection software so you can see who is accessing what
- Categorise documents according to their content so they can be electronically labelled allowing only certain people to access them
Remote working security policies
Taking steps like MFA in isolation will help but rather than improve security on an ad hoc and piecemeal basis, it may be better to write a security policy following a belt and braces risk assessment across the board.
- Identify weaknesses – a risk assessment should flag up areas where defences are inadequate and weak, a bird’s eye view of what is important to the organisation and how well it is protected (or not) should highlight deficiencies. Take note that one of the inherent weaknesses is a risk assessment that is not robustly reviewed on a regular basis – sometimes this is better undertaken by a fresh pair of eyes
- Make online security a priority –it is so easy to overlook this in favour of other priorities or costs. Develop and fund a comprehensive security plan or framework which is cogent and cohesive, dynamic and forward-thinking. Once you get in amongst it, there is a surprising amount to consider – devices, software, data security, network security, application security, employee compliance and mobile security plus don’t forget cloud security which is often overlooked. Make sure the plan includes disaster management and recovery should the worst happen
Remote working takes the issue of data security to the next level and at a time when everyone is so occupied with trying to survive big life changes, apart from the hackers and cyber criminals who are busy exploiting loopholes in remote worker networks like never before.
Develop a robust security policy that includes looking to the future and is not just a standstill measure. Data and network security is an ethos rather than a problem and should be factored into all long-term business planning. As the song goes, develop a suspicious mind and don’t trust anyone and never assume that it won’t happen to your company.
Computers in the City, your IT partner
Computers in the City is London’s longest-standing IT partner. With over 20 years’ experience, we can assist you to meet your IT support, consulting and cloud computing needs. We’re proud to be local, offering 24-hour support in straightforward language that takes the stress out of IT support.