Throughout 2020 and into 2021 the movement towards a more flexible working culture has gathered pace. When we entered the first lockdown, it was, for many businesses, the first time employees had worked from home on a mass scale. As a result, many businesses focused almost entirely on the logistics of creating an environment that fostered productive remote working, such as tools to help people store files on the cloud and communicate via instant messaging and video calls. Now that businesses have made this transition and realised the benefits that come from flexible working, it has become apparent that we are unlikely to return to a structured office-based work environment.
Despite the benefits of working from home, there are a number of risks that companies could be exposed to. That is why cybersecurity is more important than ever for businesses that want to combine the flexibility of working from home with a strong cybersecurity strategy.
Before we consider the protective measures, what are some of the risks associated with remote working?
Unsecured personal devices
The first question to ask yourself is: can you be sure your employees will follow the same security practices they would in the office? The networks and security tools your staff use at home are likely to be far less secure than those in the office, especially if they are using their own hardware. According to a BitSight report, home office networks are 3.5 times more likely than corporate networks to be infected by malware. Even if they’re using company hardware, ZDNet reported that 52% of employees believe they can get away with riskier behaviour when working from home, giving cybercriminals more gaps through which to exploit your business.
Lack of remote-working policies and procedures
Part of the reason employees are exposing themselves to risk at home is simply a lack of knowledge of the risks. The COVID-19 pandemic escalated so quickly that many businesses didn’t have time to put clear policies in place, leaving employees literally to their own devices. This makes cybersecurity a bit of a guessing game, whereas what is needed is a strong unified front.
Heightened risk of attack
It hasn’t taken cybercriminals long to figure out that switching to remote working has made businesses more vulnerable. VMware’s Global Threat Report revealed that 91% of global respondents have seen an increase in cyber-attacks as a result of employees working from home. Meanwhile, the proportion of attacks targeting remote workers increased from 12% of all email traffic in March 2020 to 60% just six weeks later. Without the robust controls deployed by most corporate networks, it’s easy for people working from home to fall into the trap.
The other area cybercriminals are targeting more frequently is Virtual Private Networks (VPNs). VPNs have long been a weak point for cybersecurity because they were only ever intended for small numbers of workers to use occasionally, not whole companies all the time. As a result, many VPNs are vulnerable and provide cybercriminals with a much wider ‘attack surface’ to launch attacks.
Reliance on the Cloud
While using cloud storage is the safest option for most businesses, it’s not invulnerable to attack. Working from home naturally increases your reliance on the cloud, and while it has a number of benefits when it comes to file sharing, cybercriminals are becoming better at breaking through suppliers’ defences, breaching security to intercept data as it moves between employees’ devices and the cloud.
So, given the increased risks associated with working from home, what can businesses do to protect themselves from attack?
Provide clear policies and encourage communication
This is the most important step because clear processes are essential for businesses that want to have a strong security posture. If employees don’t know what behaviour is harmful, they will continue to make mistakes and create gaps for criminals. Companies must ensure that all security policies for workers are clear and easy to follow, including strong remote working security policies. Alongside a clear policy framework, it is important to foster a culture of communication. In such a culture, employees will feel comfortable asking for help with something they don’t understand and are therefore more likely to report anything suspicious to internal security teams.
Maintain good password hygiene and keep software up to date
Set up a strong password policy and ensure everyone follows it. For example, employees should always use complex and different passwords, and two-factor authentication where possible. Your employees should also regularly install updates and patches for any software on their devices, no matter how much they enjoy not restarting their laptop for months on end. It is also worth encouraging employees to keep work devices strictly for work and personal devices for everything else. This helps to limit the number of sites employees visit, which can limit the risk of attack.
Secure Wi-Fi access points
Network gateways are an under-appreciated aspect of good cybersecurity. Most of us don’t think much about our Wi-Fi once it’s up and running. However, changing the default settings and passwords on a router to increase its security can reduce the potential for attack from connected devices.
Get Cyber Essentials certified
According to a report from Lancaster University, the measures laid out by the UK government’s Cyber Essentials (CE) scheme can mitigate 98.5% of cybersecurity risks. If you’re not already CE certified, following the process will help you build a great base level of security for shifting to remote working.
All of the options we’ve discussed so far will help you reduce the risks presented by working remotely. They can, however, be tricky and time-consuming if tackled individually, especially if you are already working from home.
The CyberSmart platform guides you through a simple step-by-step journey to becoming cyber secure. The process starts with an assessment of how you’re currently doing and guides you all the way through to achieving security you and your customers can trust. The platform also gives you the option to complete the Cyber Essentials certifications, whether it’s your first time or you need to renew an existing certification.
For more information visit https://www.ingrammicrocloud.com/uk/en/cybersmart/.