Keeping home workers secure
Has your workforce been sent to work from home as part of the fight against Covid-19? If so, you are clearly not alone. However, if your organisation did not previously have a formalised approach to remote or home working, suddenly facilitating these new practices can be a challenge – and it can also introduce new security risks. Protection from one kind of virus could inadvertently lead to greater risks from others – the computing kind.
It is well-documented that cybercriminals have immediately begun capitalising on the global pandemic, preying on people’s fears, anxieties and desire for information to encourage them to click on infected links or open malicious attachments. And even when employees do not fall foul of such techniques, a sudden and drastic change to working practices can still leave your organisation vulnerable to other cyber threats.
How, then, can your organisation work to keep home workers secure? Here are our top tips.
Practice good hygiene
Password hygiene, that is. Good password practices might seem like a very basic tenet of cybersecurity – but they are basic for a reason. All your staff should be made aware of the importance of using strong and unique passwords. Ideally, two-factor authentication should be used to gain access to corporate devices and applications.
Use a trusted VPN
Many organisations, particularly larger ones, will already have a virtual private network (VPN) in place for supporting mobile workers or those across multiple offices. If this applies to you, consider whether it needs extending to support the increase in users engendered by home working throughout the pandemic. You need to ensure that reliable connectivity is maintained, because a drop in performance is likely to force users onto less secure home WiFi. If you don’t have a VPN in place, open source options are available, but make sure this is driven by your IT department, not individual staff members.
Ensure protections are up-to-date
Anti-virus, anti-spam, anti-malware – whatever filters and protections your organisation has in place they should, of course, be absolutely up-to-date. Remember that anti-virus software works by comparing incoming content to known examples of previous attacks, so it if is not kept up-to-date then it cannot comprehensively identify known threats. Make sure your staff are aware of this, so they appreciate that keeping the protection on their own devices up-to-date is not a ‘nice to have’ but a business necessity.
End-to-end encryption
A sudden geographic dispersal of your workforce is likely to ramp up your need for collaboration and communication tools. Where possible, choose tools which offer full end-to-end encryption of all communications, making it impossible for criminals to intercept your messages.
Avoid public WiFi
Given that your stuff should be working from home rather than public locations like cafes, this shouldn’t be a problem. However, it is worth reminding all staff that public WiFi can be particularly vulnerable to attack and interception by cybercriminals, and so particularly sensitive or business-critical activities should never be carried out on such networks.
Lines of communication
A sudden uplift in remote work is a great opportunity to undertake all-company communications as to the importance of cybersecurity and the good practices which each employee should be following. Remind your workforce that the vast majority of data breaches occur because of human error, and they all have a role to play in keeping each other safe – just as in the physical world.