The last year or so has seen a massive increase in remote and hybrid working for large and small businesses. Whilst this was a necessity following the restrictions put in place due to the Covid-19 pandemic, there are many benefits to hybrid working.
However, with these benefits there also comes greater risks to cyber security with remote working. It is reported that 70% of remote employees experienced IT issues during the pandemic with 54% reporting a wait time of up to three hours for them to be resolved.
Does that mean that you should get all your employees back in the office as soon as possible? Not at all. There are precautions and steps you can take to alleviate these risks.
Provide employees with secure machines
Most people aren’t very tech-savvy, which means that if they’re using their own devices to conduct business at home, they could be opening your company up to cybersecurity risks. One solution to this is to provide your remote or hybrid workers with devices to work from. This allows you to set up their devices securely ensuring that your sensitive information is protected.
Bring your own device (BYOD) policy if not
A BYOD policy is where employees are allowed to use their own devices to conduct business from home with access to the company’s networks. There are usually predefined levels of access such as:
- Unlimited access – can access everything on the network
- Limited access – only to non-sensitive data and systems
- Access with IT control over devices, stored data and applications
- Access with restrictions on data storage on the device
Having this kind of policy in place will help mitigate the risks to businesses whilst allowing for hybrid flexibility.
Cyber Security Device policy
When it comes to remote working, it’s not just cyber security we should be concerned about. Whether working on a company machine or using their own, it’s best to have a cyber security policy in place for all employees to adhere to.
The policy should include the cyber security tips we mentioned previously such as:
- Making employees aware of cyber security basics
- Backing up data
- 2FA (two-factor authentication)
- Using complex and unique passwords
- Keeping software up to date
- Being careful with what they share online
Cyber security is more than just malware and cyber attacks. It is important to make employees aware of the importance of keeping devices, and subsequently company networks and data, physically safe. This includes:
- Locking devices when away from the desk
- Keeping devices out of view of windows
- Never leave devices unattended in public spaces
- Don’t include work devices in images posted on social media
- Ensure care is taken when transporting devices from one location to another
A stolen device can pose a massive security risk for businesses, not to mention the implications of GDPR if you work with customer data. A data breach can damage the company reputation as well as pose a huge financial risk.
Network Security and VPNs
A VPN is a Virtual Personal Network that allows for encryption between devices and servers. This allows for the protection of your business’ data whilst an employee is accessing internal systems and servers from home.
If employees are accessing business systems remotely, they should be doing so via VPN to ensure the risks to the businesses are mitigated.
Securing cloud-based applications
With hybrid working, many companies are using cloud-based collaboration applications to not only communicate through but also store and share documents.
Whilst this doesn’t inherently pose a security risk, it’s important to make sure you’re using 2FA when accessing these applications as well as backing up documents on other devices so that they are not solely saved on the cloud-based application as there is a risk it could go down.
Risks of burnout resulting in human error
There have been studies that show that those who work from home, work on average five hours more a week with an additional six hours of overtime compared to their office-based colleagues.
Whilst this doesn’t seem like a risk to cyber security in itself, the increase in hours can result in burnout for the employees. People who are overtired could be more likely to fall for a phishing scam or other malicious attacks on their devices. For this reason, it’s important to keep in touch with your remote workers, ensuring they are managing their time and that they have a healthy work-life balance.
As we’ve mentioned already, backing up your data is key as well as having a business continuity plan in place in case of data loss and hacking. Don’t just keep all your key documents on one cloud-based application. Remember the 3-2-1 rule:
- 3 Copies of your data
- 2 Back up copies on different media storage
- 1 backup located off-site
Cyber Security Awareness Month
We hope that these tips are helpful for you. Make sure you check out the rest of our Cyber Security Month blog posts for more information on how to protect yourself and your business!
Follow us on our social channels for regular updates and tips to help your business!
Get in touch if you have any questions!