Before the COVID-19 pandemic, remote working was not uncommon but certainly not as widespread as it is today. Even when restrictions begin to lift and the country returns to business as usual, it’s likely that remote and flexible working will continue to be a fixture for many companies and employers.
Even if your employees are predominantly back in the office, you can expect that there will be a desire amongst future workers that remote working is offered as an option.
Why is remote working a security risk?
Remote working presents a challenge for business security because remote work environments don’t often have the same safeguards that an office environment would. Your employees will not be protected by those layers of preventative security controls that you may have put in place previously. When computers are taken away from the office, new risks arise; data encryption, unsecured wireless connections and the potential loss or theft of devices and data.
The good news is that evidence shows that many businesses are aware of this. In fact, UK Google searches for ‘cyber defense’ went up by 126% between January and March 2020. That’s up 116% from March 2019. Additionally, searches for other cybersecurity-related terms such as ‘cybersecurity services’ also increased by 44%.
So, what can business owners enforce to ensure that remote working is as safe as possible – now and in the future?
Avoid public wifi
This is perhaps one to flag with your workforce when the cafes reopen, but this also applies to those who may do a little work on the train whilst commuting, for example. Public wifi introduces a significant security risk and should be avoided where possible. Public wifi is just that – public. Other people can access it and therefore, the risk increases of them being able to also access your computer.
If you or your employees are out and about and need an internet connection, then encourage them to use personal hotspots from their phones instead. Although web traffic will be unencrypted between the hotspot and its destination, using a hotspot does eliminate the risk of getting hacked by those using public wifi.
Stick to using work computers
Where possible, encourage your team to stick to using work computers to complete their work. Accessing work data on personal laptops is a risk unless these personal laptops have a secure wifi connection, a VPN, encrypted drives and anti-virus software. If not, a personal laptop may not be safe for work information, as it could be compromised by a third party much easier.
Even just checking and answering a few work emails on your personal laptop one evening once you’ve returned from work can be a risk – let alone if your team began working on a personal laptop 9-5 once they made the work-from-home switch.
Make use of encryption
When minimising the risk of remote working, encryption will be your business’s best friend. Think about all those emails you send that may contain sensitive data. What happens if that is intercepted by a third party? By encrypting the data attached to an email, it prevents anyone unintended from viewing the information.
You could also ask that your employees encrypt their home wifi network. For example, their wifi router may not have a very strong password to protect the settings and configuration. The default passwords tend to be weak. Could they change this to something stronger?
Password management
And speaking of passwords, if you and your team use simple or identical passwords across different accounts, this also puts your business at risk. Although it makes passwords easier to remember, it also makes passwords easier to guess. Perhaps now is the time to run a password audit?
Alphanumeric codes and the use of two-factor authentication should become mandatory to make passwords as complex as possible and to add an extra layer of protection. It’s also a good idea to use a password manager platform, such as LastPass. LastPass stores your passwords securely and also generates complex and strong new passwords for you. If team members need to share passwords with each other, LastPass allows a way to do this safely as opposed to through an email or instant messaging platform.
Educate your team to be security savvy
It’s no use one or two people on your team being passionate about keeping the business secure – it only takes one person to make a mistake or two and security can become compromised. Your team may have no idea of the risks they face when working outside of the office, so it is up to you as a business owner to educate them.
This should include simple policies around keeping personal use and work use as separate as possible, avoiding letting their friends, family and children use their work system, and educating them on security risks such as phishing scams.
Unfortunately, online scams have dramatically increased since the COVID-19 pandemic. Action Fraud reveals that there have been over 200 reports of coronavirus-related phishing scams. Perhaps you could create a quiz for your team and present them with real and scam emails, and see if they can correctly spot the difference. It’s vital that they understand what legitimate communication looks like, and false communication.
Use secure cloud-based services
Instead of storing confidential and sensitive data locally, use secure cloud-based services where possible. Not only do cloud-based services allow you to run your business more efficiently (particularly when your team is working remotely), but they also offer much better security. A cloud host’s full-time job is to carefully monitor security, making it much safer to keep critical business data offsite.
A staggering 94% of businesses saw an improvement in security after switching to cloud-based services, and 91% said that the cloud makes it easier to meet government compliance requirements. Cloud-based services are hot on encryption, making it as difficult as possible for hackers or anyone unauthorised to view your data.
However, it’s important not to wholeheartedly rely on your cloud-based services. What happens if they become compromised? They are not immune from cyberattacks or going into administration. You rely on their consistent connection and if that is lost, how would you continue to operate? Your data will still exist, but you may not have a contractual right to access it.
That’s where SaaS Escrow comes into play. SaaS Escrow protects your critical cloud-based and off-premise software in the event of your hosting provider going out of business. It allows you to access your data for at least three months of business continuity, so you can continue with business as usual.
Don’t be without this extra layer of protection for your business. Contact us to learn more about SaaS Escrow by calling 0800 456 1115.