The Coronavirus has caused many companies to move to remote working to help keep their team safe. However, working from home is very different from working in the office, especially when it comes to cybersecurity. Here are 10 ways to protect your team from cybercriminals while they work remotely.
While the Coronavirus, or COVID-19, continues to dominate the news many companies are making the effort to move towards remote working where possible in an effort to reduce the spread of the virus and to help keep their staff safe. It makes sense for employees who can to work from home during this crisis to help businesses continue to operate.
Working from home offers a wide range of problems and obstacles to both employees and managers that can negatively affect team morale, productivity and communication. Working remotely can also present a number of cybersecurity issues that you may not have thought about.
Companies usually put a lot of effort into thoroughly protecting their networks and devices in the office and unfortunately, it is unlikely your employees’ home will have the same level of protection.
This can leave confidential documents or private information at risk of being leaked. Here are 10 ways you can help protect your team and minimise the cybersecurity risks while you are working remotely.
Give your employees basic security training
Majority of data breaches are caused by poor cybersecurity training for staff which leaves them vulnerable to phishing emails or social engineering. It is good practice to provide your staff with a basic level of cybersecurity training normally, but this is especially important for remote working.
Attempts to gain access to confidential data via phishing attacks are likely to increase during the lockdown and Coronavirus scams are already on the rise. Employees should be provided with the basic knowledge to recognise phishing emails and avoid clicking links in emails from people they do not know, this will highly decrease the chance of credit card theft.
Inspiring your employees to make extra efforts to protect company information while working remotely can be difficult. This article provides some simple tips to help inspire employees to go the extra mile.
Install antivirus software
Most people have some form of antivirus software already installed on their home computer or laptop. However, it is essential that you require your team to protect any device that is going to be used for work and prevent malware from compromising your system.
If your employees are unwilling to pay for a security solution and the company is unable to cover the cost there are a number of free antivirus solutions available that will significantly reduce the risk of getting infected.
Secure your home network
Having your employees protect their computer won’t help if cybercriminals are able to connect to their Wi-Fi or access their router. This is why it is important to ensure that your employees configure their network connection correctly if they are working remotely.
The first step is to ensure that your connection is encrypted so that anyone attempting to connect to your Wi-Fi will need to provide a password. This will keep confidential information safe from prying eyes.
The next step is to have your employees reset the default password for the router. Default passwords for Wi-Fi are usually weak and easily found on the internet. Finally, ensure that your encryption is set to WPA2 or WPA3. This will help to protect your home network and prevent malicious parties from accessing any connected devices.
Provide your team with VPN access
A VPN is a great way to improve your online privacy by encrypting all of a user’s internet traffic. A VPN will provide an additional layer of security which will hide the user’s IP address, encrypt data transfers in transit and also mask the user’s location.
Many organisations already have a VPN service in place and it is only a matter of ensuring that that has sufficient seats to offer protection across your employee base. Once all remote employees have been provided access to the service it is essential that they use it for all business-related activity.
In addition, a VPN is great for protecting your device if you are using a public Wi-Fi network, at a coffee shop for example. Public Wi-Fi networks are usually not encrypted, allowing other users to potentially spy on you. A VPN will encrypt all of your data, regardless of the network settings.
With all of this information available today, you must download VPN software on your device to keep things safe and centralised.
Ensure your team’s software is updated
Many cybercriminals take advantage of vulnerabilities in applications and operating systems of computers and other devices to infiltrate other people’s devices. Cybercriminals also often rely on people not installing the many updates that are released to patch these vulnerabilities.
This is why it is important for you to encourage your team to upgrade their software as often and as quickly as possible.
By updating your software regularly it is less likely that anyone will be able to exploit those vulnerabilities. In many cases, it is possible to set updates to run automatically overnight, meaning that you won’t even be inconvenienced by the update.
Important work documents or data could be lost in a number of ways, ranging from human error to cyberattacks. Ransomware and other kinds of malware have the potential to wipe out entire systems before anyone can spot it. This is why it is important to ensure your team backs up any work-related data on a secure and reliable online backup service.
If an online service isn’t a possibility, employees should be encouraged to make use of an external drive to back up their devices. If your business or organisation makes use of an MDM (mobile device management) or an EMM (enterprise mobility management service) then you may already have the ability to set up an automated backup.
A cloud backup service is usually the more convenient and cost-effective way to backup any data online. Cloud backup services often come with a wide range of options that allow you to customise the system to meet your needs.
Use encrypted communications
Communication between your team is going to be more important than ever during remote working, and more difficult. In addition, managing your team while everyone is going to be working remotely can be a big challenge. This guide offers some great advice on how to effectively manage your remote team.
It is also likely that these communications are likely to include sensitive information. It is more than likely that your company or organisation already has a secure method of communication, such as a corporate email system. However, if it doesn’t it is vital that you make use of encrypted communications while working remotely.
If your company does have secure corporate communication resources available then it is important that your employees make use of it when exchanging documents or any confidential information. In addition, corporate email usually has less spam than your personal email, making it easier to keep track of important emails.
Make use of two-factor authentication
Making use of a strong password is increasingly becoming not enough to protect your confidential data. Especially if your credentials were leaked in a data breach.
Making use of two-factor authentication and two-step verification adds an additional layer of protection to your accounts which helps to keep your own private data and your confidential work documents safe from cybercriminals.
Speaking of strong passwords now might be a wise time to run a security audit of your employees passwords. This would involve resetting and redefining your employee’s passwords to be in line with a stringent security policy.
These new passwords should be made up of alphanumeric codes rather than a name or place etc. This removes the chance of passwords being guessed. Combined with the two-factor authentication, these stronger passwords will make your system much harder to access.
Always lock your device when you leave your desk
Locking your screen when you are away from your device is a best security practice when working remotely or in an office. Anyone passing by could catch a glimpse of your work emails or private documents while you are away from your desk for a bathroom break or to make a cup of coffee which would be a data breach.
Even if you are working from home and there is no risk of a stranger being in the room locking your device is still a good idea, if only to prevent your cat from sending an unfinished email to a client or a curious child accidentally deleting your day’s work. It also goes without saying that your device should be password protected at all times.
Look out for phishing emails
Phishing emails are one of the most common causes of data breaches and it is important that everyone in your team knows how to spot one.
With so many more people working from home during the lockdown cybercriminals will likely be looking to take advantage of this to target remote workers in an attempt to gain personal information that can be used to gain access to company accounts.
The increased number of digital communications will also make phishing emails harder to spot and some highly convincing emails might sneak into your corporate mail.
Ask your team to read messages carefully, always check the email address of the sender to be sure they are who they say they are and if someone requests important documents or immediate payment don’t hesitate to call the person and verify the request before doing anything.
In addition, always be suspicious of emails with links. Check the link’s destination before opening it and if it doesn’t look right, don’t risk it. Similarly, if the link sends you to a site you use, such as OneDrive, don’t enter your credentials via the link. Instead, open the site in a new browser manually and proceed from there to prevent your login details being stolen.
Working remotely can be a big change to everyone and it is important that we support our team to ensure that their productivity, health and wellbeing don’t suffer from the changes. Remote working also presents a range of cybersecurity risks.
However, by working together and making some changes to how companies operate we can protect our employees and our companies data from cybercriminals looking to take advantage of this crisis.
About the Author
Dan Baker is a Content Writer who works with SecureTeam, a cybersecurity consultancy practice based in the UK. SecureTeam provides a wide range of cybersecurity consultancy services to small and medium-sized businesses across the UK.