In these unprecedented times; companies of all sizes are enabling their employees to work remotely. Unfortunately, some organisations are not fully prepared for this sudden switch to a remote workforce, which could potentially put the company at increased risk of a cyber attack.
Many companies have company-owned and managed devices and robust security defences to protect remote access. Until recently, some smaller organisations might have thought that they did not need – or lacked the opportunity - to develop this type of infrastructure. This does not have to be the case: businesses of every size can take proactive steps to enhance their information security immediately.
For businesses of all sizes, we recommend these basic steps to help ensure your transition to remote working goes as smoothly as possible:
- Ideally, employees working remotely should use only company-issued or approved devices to securely access company resources. If employees generate business records on their personal devices and outside the company’s control, it may not only lessen their security but also complicate your company’s compliance functions, GDPR legislation, trade secret protection, nondisclosure agreements, record retention policies, and legal process, among other things.
- For company devices, consider prohibiting personal email or other non-business use.
- All devices should be equipped with up-to-date antivirus and anti-malware solutions, and follow regular software updates and security patch schedules.
- All data should be encrypted, whether in transit or at rest. Since remote workers may be operating on less secure networks at home or on the road, implementing a virtual private network (VPN) with multi-factor authentication protects these connections.
- If personal devices are used for business purposes, consider ways to educate and require employees to strengthen their security settings and firewall configuration. For example, require strong passwords, preferably 8-20 characters with combinations of capital and lowercase letters, numbers and special characters. You may also consider a password manager solution.
Employees also need to be vigilant and follow best practices when remote working. These guidelines may help protect data confidentiality:
- When working from home, individuals should exercise responsibility for their own personal electronic hardware like Wi-Fi routers, cable modems, printers, scanners, and portable devices. A backdoor into their home network may be a backdoor into the company network. Consider asking them to follow your company guidelines (or, if your company does not want to undertake to issue such guidelines, then their devices’ manufacturers’ guidelines) for keeping their software and firmware up to date, for using strong passwords and security settings, and for patching device operating systems regularly.
- Employees should keep electronic work files on company systems or on company-issued hardware, and not on their personal devices.
- Don’t leave sensitive information in plain view – on paper or onscreen.
- Make sure your device has a lockout feature after a short period of inactivity.
- Shred all paper containing sensitive information once it’s no longer needed.
- Use care before clicking on links or attachments in emails. Even if the sender looks legitimate, when in doubt utilise “out of band verification”, call the sender from a known good phone number to verify the messages authenticity.
- If you receive a phone call or email asking for your personal or financial information, do not share.
- Never share any user ID or password.
- Verify any charity or community group’s authenticity before making a donation.
The ultimate goals of information security are confidentiality, integrity and availability – ensuring that remote communications are private and unaltered, and resources are available when needed. By following these guidelines, you can help move your organisation towards achieving those goals and creating a safer, more functional remote working environment – helping your organisation stay connected.
More cyber advice to help you manage your risks and increase efficiencies, visit our Insight section.
Download this article here.