Since the pandemic in 2020 remote and hybrid working is here to stay. However, the influx of employees now in a work from home (WFH) or hybrid role has come together with a huge insurgence of cloud- and web-based attacks and many companies haven’t given staff adequate protection for these threats, or even sufficient anti-virus software to protect the devices that they are working on remotely.
Some companies have had to totally alter their IT infrastructure to offer a WFH solution, whereas others have a more robust system that needs very little alteration to allow remote working to be safe for both employee and company. However, any WFH system needs to be managed well and continually maintained as cyber threats continue to evolve. Business owners might feel it’s a bit of a minefield, so here are seven tips on how to negotiate the cyber security needs of your remote or hybrid workers.
For many workers a lack of education about cyber security can lead to the infiltration of malware or ransomware scams. With GDPR regulations it’s vital that all employees understand how to handle personal data, what is appropriate action to take and how to manage risk as a lack of knowledge can lead to loss of data and compromise to the overall organisation. Workers need to be aware of Wi-Fi, phishing scams and other types of internet-enabled attacks from ransomware to telephone attack delivery (TOAD), social media and the exploitation of legitimate services, knowing how to spot and handle them in order to reduce the risk to the company’s data.
Opening the wrong email, or attachment, can give a cybercriminal access to company data or allow a virus into the system, and remote workers who aren’t being updated to recent threats are more susceptible to being fooled. For some, the idea of working from home can be synonymous with working from a coffee shop, however this may well entail working on an unsecured, unencrypted, plain text data Wi-Fi network, leaving the laptop, tablet or smartphone open to being hacked, or the loss of important or sensitive data. Education needs to be regular, updated and must incorporate robust company policies.
2. Home versus company devices
Providing your remote workers with company devices such as laptops and printers can be expensive, but personal computers are less secure than corporate ones which can have email filtering, firewalls and encryption to protect them and the company data. Another weakness in workers using personal devices is the Wi-Fi printer. A Wi-Fi printer on a home network creates serious security gaps that hackers can easily exploit. Staff may not have access to a paper shredder, so printing anything can put corporate information at risk. The safest solution is to have remote workers use a VPN to connect to the company network and to either disconnect the Wi-Fi printer, or just not allow printing outside of the office.
A VPN is encrypted, meaning hackers can’t steal data which is easily intercepted if employees are using plain text data on an unsecured network. Banning removable devices such as memory sticks and flash drives also prevents the potential for viruses to be transferred between devices. Employees should be taught to transfer files electronically via email, cloud storage or internet transfer as these can be scanned by virus checkers and, if necessary, blocked by firewalls.
3. Use a zero-trust framework
The zero trust framework works on the principle that all devices are hostile and must all be authenticated at every access point, including users inside and outside the network, whether cloud-based or local. This, along with a two-factor identification system, where users need to utilize both password and a separate code texted or emailed to a second device, helps to keep networks safer and prevent breaches, saving companies money and effort in the fight to keep data secure.
Encourage your remote team to make regular backups of work and data to protect them against accidents such as hardware or power failure, natural disasters, human error and especially virus attacks. Nothing is as heart-breaking as losing hours of precious work or company data which can cause massive damage and disrupt business operations. The best principle for thorough backup is to use all three of the following ways to back up; two local methods; the laptop or computer and a local hard disk which is separate to the computer and then thirdly on a form of cloud backup, which is remote. The cloud storage option also can enable employees to share files safely as cloud backups are generally protected by built-in security and encryption.
All computing equipment, whether laptops, tablets, smartphones, printers or routers need to have their software regularly updated as these ensure that the antivirus and firewalls are able to continue to work effectively in the war on malware and viruses, that continue to morph and attack the unwary. Not only do updates help to keep your technology cyber secure, but they also offer new features, improved functionality and extra speed to make the end-user experience more efficient, as well as preventing disaster striking in the form of data loss or worse.
6. Password creation and management
The biggest security risk to a computer network or security system is the human one, even if your systems are updated and backed up because of the use and management of passwords. Nowadays, when it’s necessary to remember so many passwords, it’s tempting to repeat them, or to store them in unsecure places and this can give an easy access for cybercriminals to access sensitive company information, personal data, or even for a virus to infect the network. Companies need a robust password policy and nowadays many also use login apps, a lock screen that is triggered after a period of inactivity, or even a password manager solution to help remote workers to store passwords securely and reduce the number of them that they need to remember.
When creating passwords, never use sequential numbers or letters, or personal information such as names, pets, addresses or dates of birth. The best passwords use a mixture of upper and lower case letters, numbers, punctuation and special symbols. Ideally, passwords should be at least 12 characters and an ideal password creation is to use a mnemonic which uses mixed characters from a memorable phrase, for example; ‘The young lady caught the 15:30 train today’ which can become ‘Tylct15:30Tt’. Passwords should never be shared, written down or used on multiple accounts and those used for business purposes need to be rigorously protected to ensure the safety of company data.
7. Pandemic fatigue
Understood to mean a “demotivation to follow recommended protective behaviours, emerging gradually over time”, pandemic fatigue often leads people to become demotivated and show less care for themselves, or keeping themselves safe. This has transferred to the workplace and in some cases begun to impact job performance in terms of shorter attention spans, the feeling of being displaced or disconnected, especially for remote workers, and virtual conferencing or screen time overload which means that they are more likely to make mistakes. This can be combated by having a company well-being policy to ensure that staff are being cared for, holistically helping workers to feel happier and therefore make fewer mistakes in their work and their online security.
Eclarity provides reliable Cyber Security Solutions for remote workers
Whether you’re a small company of five or a large corporation of 500 employees, cyber security is vitally important, especially for your remote workers. If the minefield of remote cyber security seems all too overwhelming, rest assured that Eclarity has the professional help and advice that you can rely on to keep your WFH team safe. Whilst your team has the flexibility to work remotely or on a hybrid system, your data and company systems can still be as secure – almost as if everything was being operated from in-house. With a comprehensive range of protections against viruses, malware and security for your internet, network and email systems you can rest assured that your data and company is in capable hands. Eclarity also offers managed IT packages to ensure that your company and all your systems are kept up to date keeping the heart of your business fully protected.
Contact us today to discuss your remote workers’ needs and how we can help you to keep them cyber-secure.