Cyber Security Implications of Working from Home

Companies are seeing dozens of different cyber attacks each week, and with staff working from home, the risk is exacerbated.  For example, here are just a few of the current trends that you may recognise. Your staff may receive:

  • emails supposedly from their Helpdesk asking them to change their passwords, or
  • a WhatsApp message pretending to be from the CEO asking for money to be transferred, or
  • an email saying that the user has been in contact with someone who has got Covid-19 and needs to click a link

Having staff working from home during the lockdowns has made the situation worse, as it is much harder to manage everyone remotely. With one in three UK workers currently based exclusively at home, this remote working on a vast scale continues to be a major headache for IT departments, and standard processes and protocols are far harder to administer remotely.

Recent studies show that many firms are not taking the issue as seriously as they should. For example, according to a recent survey one in five UK home workers hasn’t received any training on cyber-security. A separate study last year found that 57% of IT decision makers believe that remote workers will expose their firm to the risk of a data breach. This was made worse at the beginning of the pandemic due to by the rush to set the remote working practices up, leading to even the simplest data protection practices being ignored. In most cases, companies did not provide additional security relating to computers, electronic communication, or phones.

So, what can both companies and home working staff do to make things as safe and secure as possible?

One key Area is to supply staff with laptops and other equipment that are owned, controlled, configured, and locked down by the company. This can alleviate the burden on your staff to set things up correctly, and ensures your they adhere to the company’s security controls. This should hopefully mitigate your employees’ PC or laptop, that they were doing confidential work on during the day, potentially becoming more at risk from malware if used for their own personal use in the evening.

Mitigating the Danger

There a number of avenues to follow to help secure you data.

  1. If an employee falls victim to an attack, make sure that they know
    • who to contact, and
    • that their alert is positively welcomed, as you don’t want people afraid of repercussions and thus covering up mistakes.
  2. As mentioned above make sure that there is a virtual private network (VPN) set up so that remote computers have secure and encrypted connections with the firm’s servers, and everyone else in the company.
  3. Ideally provide work equipment, fully secured and locked down (a good tip would be to disable USB ports)
  4. Make sure that the documents are automatically backed-up to something like One Drive, or a secure end-point backup solution.
  5. If feasible, issue them with secure wireless network devices which will automatically attach to your WAN.
  6. Provide users with regular training on cyber security document and test this training.

If you need some expert assistance with your cyber security in relation with your home working employees then reach out to ADAM Continuity, one of our technical consultants would be happy to talk through this with you and identify some quick and easy steps you can put in place, which will protect your IT now and in the future.