Remote working has been a growing trend for many years but with the Coronavirus pandemic that trend has exponentially increased. Even as we get back to a new normal, it is clear that remote working will still be an option for a lot of businesses as it has exposed the benefits of doing so.
Remote working presents a unique challenge for businesses when it comes to their data security because it’s likely that remote workers won’t have the same safeguard in place as the office.
As remote working is here to stay, there are some key security issues you need to be aware of and to put measures in place to prevent breaches to your network.
Software Updates
Ensure that operating systems and any software you use remains updated. The provider generally releases updates because they have found a flaw that be exploited and therefore counter that by providing the update.
Most modern devices will automatically apply updates by default but you may need to allow your computer to restart to complete the patching process. Don’t allow your computer to become vulnerable and carry out all necessary updates.
Use Antivirus software, Anti-malware and Firewalls
Ensure that all remote workers have sufficient and up-to-date antivirus software, anti-malware and firewalls installed on all devices.
Educate your staff on Cyber Security
Remote workers tend to be targeted as an easy win into your business network but you can’t expect your remote workers to know about all necessary security risks and preventative measures without educating them first.
Create clear security guidelines so they understand how to protect themselves and their data alongside investing in cybersecurity awareness training to ensure you have taken sufficient steps to educate them accordingly.
Passwords
Passwords need to be strong in nature to prevent outsides guessing them, however, everything seems to need a password and they all need to be different and frankly, it’s difficult to remember them all.
That’s where are password manager comes in. Your business should invest in one so that all passwords remain strong to protect your network but also, so that your employees can easily use them rather than defaulting to an unsafe path of using the same one.
Cloud Storage
Ensure your business files remain uncompromised by ensuring all updates to them remain centrally, in cloud storage. This means that if something does happen to the file, it is easy to recover a back-up and they will be protected by the firewall attached to your cloud storage solution.
Discourage your remote workers from saving their work to the desktop.
Video Conferencing Attacks
Video conferencing is pretty key to remote workers for many reasons and therefore, an area which opportunists try to take advantage. There are two ways you can be compromised; your webcam and the video conference software you use.
Hackers can easily access a webcam without permission, compromising on your security and privacy. Invest in a webcam cover, they are easy to install as they are essentially a sticky bit of plastic that allows you to move the cover easily when in use. If you have a webcam separate to your in-built one, ideally you should unplug it when it’s not in use.
Your physical meeting can be breached when you don’t use secure software. Uninvited people can gain access to your meeting to intimidate and harass, or even use it to monitor your meeting to leak information. By using secure software, you can minimise the risk by ensuring the software you use requires a unique ID and password for entry, create a waiting room to prevent people joining unexpectedly and ensure you lock the meeting once it starts. Also, ensure your software has end-to-end encryption and it remains up-to-date with the latest software updates.
Additionally, whilst you are in the video meetings, you may want to use the background feature to either change it or blur it, to reduce the risk of participants seeing sensitive documents you may be using.
Home Wi-Fi
Your wi-fi is an entry point for would-be attacked, don’t make it easy for them.
The first thing you should do is change your router login and password. Most people forget and keep the default passwords which are not only weak but are easily identified by a simple internet search. Ensure your password is strong.
Then, you should look to ensure that all firmware updates are installed and up-to-date, set up a task to ensure this is done, regularly, say, once a month.
You’ll need to check your wi-fi network setting to ensure you are using at least WPA3 security standard, though, ideally, you’ll use WPA2. You can increase the level of protection by using EAP-Transport Layer Security (TLS) for more secure user authentication.
Ensure that you review attached devices for any that don’t belong and revoke their access. You can limit the access by ensuring that all connected devices have to have your unique MAC address to be able to connect to your network.
Use a virtual private network (VPN)
VPNs are similar to firewalls. A VPN protects your internet browsing and any data transferred because it retains the same security, functionality and appearance as if you were within the business’s private network. It essentially encrypts your activity to prevent anyone from taken advantage of it whilst reducing the risk of cyber-attacks.
Two-Factor Authentication (2FA)
Passwords can be compromised but with two-factor authentication, access is only granted after two methods of authenticating your credentials.
Usually, the first factor is the password and the second tends to be a one-time code that is delivered, commonly to your phone via text or push notification, or though some use a separate device (not a phone) to receive the code.
Use Encryption Software
Encryption software encodes information so only those with permission can access it.
Sending emails with sensitive data is always going to be a risk. If you encrypt the data attached to an email, it will prevent an unintended recipient from viewing the information. Also, it is wise to encrypt your device to ensure that all stored data is safe in the case of theft.
Managed Endpoint Security
Endpoint devices such as desktops, laptops and mobiles are a point of access to your business network. You need to be assured that if your remote workers use their device that provides that entry point, that it won’t harm your business network.
When you employ managed endpoint security, you are in effect putting in a process to authenticate and monitor access to your network through your devices. You’ll have security policies put in place to prevent any external or internal threats to your network.
Your devices that are accessing your networks over remote/internet connections are the most prevalent devices that require endpoint management.
Backups
You need to have a strong back-up process in place across the business and to include how your remote workers are operating. When you are looking at a comprehensive data back-up and recovery solution, you need to decide on what frequency of back-ups is needed for your business. Many businesses opt for back-ups to be made several times a day, at key times, others, opt for 30minute increments throughout the day. It depends on your business needs but the idea is to weigh up the amount of data loss and what impact that will cause your business.
Remote Wipe
Should your device be stolen, you need to be sure that sensitive information isn’t accessed. You can remotely, wipe your device, you just need to find the settings on your device.
- Windows: Enable in Settings > Update & Security & Find my device.
- macOS: Setup iCloud on your device by going to Settings > Your Name > iCloud > Find My Mac.
- Android: Set up a Google account on the device and it will be enabled by default.
- iOS: Setup iCloud on your device by going to Settings > Your Name > iCloud > Find My iPhone/iPad.
Home Security
This may seem like an odd one to raise with your staff but just like you need to make it difficult for opportunists to access your corporate office, you need to ensure your remote workers are being just as cautious.
This means impressing on your staff the importance of ensuring their home office is physically secure when they leave it. Lock those windows and doors and don’t leave your laptop in the car!
Also, don’t forget to actually lock your computer when you walk away from the desk, just like you should if you are in the office, you never know what someone can see by looking through your window whilst you are taking a break.
See Also
Cyber security for SMEs
How to respond to a Cyber Attack on your Business
How to Increase Business Collaboration across Remote Workers
Running a Remote Contact Centre
6 Must-Have Tools for Remote Working
Tips on Keeping your Company Culture through Remote Working
Company Mobiles for staff – yay or nay?
Is Zoom the best video conferencing tool?
Top UCC Tools for Small Businesses