Even as the pandemic begins to die down, more companies are allowing staff to stay working remotely rather than bringing them back to the office.
There are many benefits to this for both employees and employers, including more flexibility and higher morale, less (or no) time travelling, saving money on travel costs, reducing the impact of car journeys on the environment, and more.
But with more people working remotely, the risks of cybercrime attacks increase and so does the need for better cyber security to handle new challenges.
How cybersecurity has changed with remote working
When the pandemic first began and companies had to shift rapidly to remote working, it was a case of getting everyone set up with what they needed to do their job as quickly as possible and not necessarily of going as deeply into cyber security as they otherwise might have done. It was firefighting, plain and simple, just to ensure work could carry on as it had before.
As the pandemic has progressed and with more employers planning to allow remote working to continue after the pandemic, cyber security departments are now having to ensure they are on top of any risks to their company from what could turn into permanent remote working.
If it hasn’t already been done, by this point, IT departments are now likely to be introducing and enforcing home working policies, the use of work only laptops, education of staff on how to protect themselves, and more.
The challenges of remote cyber security for businesses
Cyber security used to be more centralised and relied on company firewalls, the in-house IT team or managed service provider, and a system that automatically pushed updates and patches to software.
Now, cyber security teams have to deal with individuals using laptops that are not company issue, accessing the internet via home broadband, and using their work laptops for personal use, among other challenges.
Not only has the number of cyber-attacks increased significantly during the pandemic but so has the risk simply from staff working from home and either not knowing how to stay safe or not thinking to do things in a way that mitigates the risk of cybercrime.
HP produced a report on just this problem which revealed alarming statistics, like the following:
“70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities.”
“27% of respondents use their work device to play games more than before the pandemic – rising to 43% for parents of children aged 5-16.”
“27% of office workers surveyed say they know they are not meant to share work devices but felt they ‘had no choice.’”
That’s disturbing reading for any IT security professional and shows just what they’re up against in trying to protect their companies from attacks.
How can businesses protect remote workers?
Businesses need to ensure that their IT departments are fully aware of the risks of remote working and are doing everything they can to secure all systems, including those working from home.
One thing that can make a big difference is education. If businesses teach their remote workers how to set up their home office safely, including how to set up Office 365’s own security measures, how to spot phishing scams, and what to do if an attack happens, staff will then know how to help themselves and how to guard against cyber-attacks.
Another helpful tool is to create and enforce company policies on remote working, including email security, acceptable use, personal use, allowing others to use work computers, and more. With a proper policy, endorsed by top management, staff have clear guidelines on what they can and cannot do.
Employers can also enforce the use of strong passwords, different passwords for each app, and regular changing of passwords. This can be done by the IT team using password management software, and employees can be encouraged to use apps such as LastPass to generate and remember strong and unguessable passwords. This reduces the likelihood of staff using the same password for everything and helps to prevent hackers from cracking weak passwords and then getting further into the network.
These measures, along with a range of other IT solutions, such as antivirus, firewalls, work only, company issue laptops, endpoint security, and two-factor authentication can help to keep remote workers as safe as possible.
What preparations should a business make for a remote cyber incident?
As you’d expect, it takes a lot of planning, including looking at your vital systems, planning what to do if they go down, ensuring regular, secure backups are in place, and having a plan for how to recover quickly from such an attack.
Of course, prevention is better than cure, but it is still better to be prepared and know what to do should the worst happen.
About Nathan Hill-Haimes
Nathan is an Investor & Co-Founder at Amvia, a serial telecoms entrepreneur, and inbound marketing expert. From his home in coastal North Devon, Nath works with a portfolio of technology, property & sports investments through his fund Croyde Bay Ventures. When he’s not working, Nath can usually be found surfing, mountain biking, or walking the North Devon Coast with Wilf his Working Cocker.