According to a report by the ONS, the COVID-19 pandemic has resulted in almost 40 per cent of the UK workforce working remotely instead of at their normal place of work.
The rapid transition to home working has allowed many businesses to maintain operations and continuity during this uniquely challenging time.
But with it has also come greater risk, as organisations struggle to remodel their IT, telecommunications and security infrastructure in order to accommodate a dramatic shift in operating conditions under extremely tight time restrictions.
Many businesses will have had a robust mobile-first digital transformation strategy in place, and those are the firms which will have been able to make the transition with the least disruption – both to the workforce or their customers.
However, a significant number will also have been unprepared for the speed at which this change was forced upon them as the government’s lockdown measures were rolled out.
Organisations heavily reliant on physical security, such as call centres and banking institutions, have been forced to adjust current security protocols to facilitate working from home, permitting employees to take desktop equipment home to work or permitting the use of work laptops and devices on home networks.
Data security issues need to be considered and re-evaluated in the home environment, where physical privacy screens or audio devices may not be as readily available or as easy to transport from one location to another.
At a very basic level, installing firewalls on every machine and device has never been more important. Even seemingly innocuous devices such as child’s games consoles – or an old, unpatched tablet – all expose new vulnerabilities to an organisation whose equipment is now being used on the same home network. Homeworking cybersecurity in itself is not a new issue, as remote users have existed for decades; but on the scale we are seeing now it certainly is.
When it comes to homeworking cybersecurity, businesses should never be afraid of taking the belt and braces approach. Often there are simple and cost-effective steps which can be taken alongside the bigger initiatives which can still play a significant role in a firm’s overall defences. For example, many businesses simply do not use tools they already have access to, or turn on powerful security features which are not on by default.
5 ways your business can reinforce homeworking cybersecurity
Small businesses that have limited IT experience inhouse can take some simple steps to reinforce their homeworking cybersecurity:
#1 – Ensure all devices are password protected
The first and most important of these by far is to ensure all devices are protected by a complex password or PIN for mobile devices or website logins. Make sure this contains special characters and no personal information. Furthermore, if the business is using a solution that supports it, such as Office365 or Google Apps, it’s always worth enabling MFA – that is multifactor authentication. This sends each user a unique expiring code to their phone every time they login, which adds an additional layer of protection and further reduces the risk of an intruder gaining access to the system.
#2 – Keep installing updates for all computers
Make sure to install updates for all devices and computers as soon as possible after they are released; getting these installed is a key line of defence protecting users online.
#3 – Make sure antivirus is installed
Check that all devices have a current and up-to-date antivirus solution installed.
#4 – Enable encryption on devices
There has been a spate of ransomware attacks recently in the media – which is where an attacker encrypts all your files and tries to sell the keys to the unencrypted versions back to you. Businesses can protect against this by using a cloud storage system, such as Onedrive for those running Office365, or Dropbox, as these all provide ways to go back to previous versions of files if the system gets infected with ransomware. But make sure it has a strong password, as discussed in point 1.
Enable encryption on all devices – Bitlocker on Windows, FileVault on MacOS or encryption on an Android phone. Make sure to keep a note of the recovery keys somewhere safe.
#5 – Monitor your network for intruders
Finally, given the current circumstances, there is a heightened need for businesses to proactively monitor their network for potential threats and vulnerabilities, rather than simply reacting to threats as and when they become a problem. As with most issues relating to security, one of the hardest components to manage is the so-called “human factor”. This is just one of the reasons why our new my.plan platform enables businesses to see what data is being used on employees’ mobiles, so they can make risk-based decisions as to what should and should not be acceptable use on company devices, as well as being able to block websites which host suspected malware so that your users cannot get to them in the first place.