- 10th April 2020
- Posted by: Phil Aston
Cyber criminals don’t need much temptation to exploit weaknesses within a company’s IT infrastructure. This is particularly the case when they identify employees who are working remotely in a less than secure fashion, and even more so for financial services firms, which hold very confidential and high-value information.
It’s thought that 16% of companies now exclusively hire remote workers, and that figure could rise significantly if the sudden increase in home working due to COVID-19 fuels a longer term trend.
Research published last year revealed that a third of IT decision-makers admitted their businesses were victims of data breaches because of remote working.
With that in mind, here are some steps your business can take to correctly handle cybersecurity for its remote workforce.
Realise that humans are the best form of defence
The best cybersecurity defences in the world will quickly be rendered useless if the workers themselves aren’t cyber aware.
A 2019 report by Proofpoint revealed that 99% of cyber-attacks use social engineering to get what they want. This means firewalls, antivirus software and network security in general become irrelevant if such attacks are successful.
There are three common forms of social engineering attacks to look out for:
- pressure to bypass security policies in order to obtain information in exchange for something that seems too good to be true (it is!);
- a huge sense of urgency forced upon someone to do something, often through fear or an impending deadline; and
- a seemingly genuine email from a co-worker or supplier where the tone of voice or wording just doesn’t feel ‘right’.
The more cyber aware your staff are, the more this cruel form of data theft will be cut off at source.
Always use a VPN
A virtual private network (VPN) enables remote workers to connect securely to your in-house network or cloud storage platform without revealing their identity to cyber criminals.
VPNs should always be turned on and used, whether you’re working via a coffee shop’s free WiFi network or your own at home.
On the subject of home networks, there are three things remote workers should do before using work devices:
- change the default administrator password for their router and make it as strong as possible;
- make all other passwords for VPNs and cloud services strong by using password generators and managers; and
- only allow people onto the network who they trust and ensure family and friends understand they’re not allowed to use work devices.
Whether it’s your operating system of choice or favourite Microsoft Office apps, automatic updates are vital.
Software and operating system vendors spend a great deal of time trying to stay one step ahead of cyber criminals. This is why you’ll regularly be prompted to update your systems.
Don’t ignore those messages or wait until later to apply them overnight. Make it a company policy that every piece of software used by each employee is always kept up to date via automated updates. The same goes for antivirus and anti-malware tools.
Do the simple stuff
Sometimes, it’s the smallest things that can prevent a cyber-attack.
When working from home, make sure the following strategies and habits are present throughout your organisation:
- turn off automatic WiFi connectivity (sometimes turned on by default on certain devices);
- uninstall unnecessary software from your devices if it’s not needed for work purposes;
- always lock your devices when you’ve finished using them or when they’re out of sight;
- think twice about opening attachments of which you’re suspicious or which originate from unknown senders; and
- don’t click on any link which looks dodgy or which has been sent to you by an unrecognised source.
The key lies in being dynamic, cyber aware and using only the best, most secure tools that are actively supported by vendors.
How can Compex IT help?
At Compex, we’re constantly investing in our own cyber security knowledge, from the simple stuff mentioned above to the more in-depth technical infrastructure that goes into a secure IT stack.
We’ll even help you manage personal devices, because if information is leaked from those, the company is still deemed liable. It’s why we help businesses update their remote working policies to ensure they can transition to having more remote employees.
If you’ve never implemented a password manager or 2-factor authentication, we’ll help there, too, thus ensuring you have multiple layers of security for all the apps you use.
We go even further:
- implementing the correct VPN solution isn’t easy, but we can find one that encrypts your network traffic, and which is easy to use for remote workers;
- securing home workstations is key because home workers often become lax on security due to the fact they’re not in the office – we work on everything from physical security to security patching and updates; and
- standardising your email signatures will ensure fake internal emails are far easier to spot.
Our user awareness training and phishing simulations have also proven very popular, thanks to the rise in remote working.
Find out how we can educate your team on what to look out for, and much more, by getting in touch today.