Six Cybersecurity Tips for Working from Home

09/06/2020

Six Cybersecurity Tips for Working from Home

With the sudden and unprecedented shift to working from home as the new normal, businesses of all sizes must adjust to fresh challenges. One such challenge is ensuring the security of sensitive business data when employees work remotely.  

According to the latest Cyber Security Breaches Survey, almost half of UK businesses (46%) report having experienced cybersecurity breaches or attacks in the last 12 months. But only 29% of organisations have a cybersecurity policy in place to cover remote or mobile working. Paying attention to cybersecurity is especially important given that cybercriminals have already begun to take advantage of the global COVID-19 crisis and the rise of remote work. 

We have previously looked at the importance of cybersecurity for SMEsNow we will take a closer look at how SMEs can stay smart when it comes to enforcing cybersecurity for remote work. Below are some of our top tips: 

 

Control access when setting up accounts 

If you carried out your operations from a centralised office space before the shift to WFH practices, you likely had a secure IT network in place. Controlling access to servers that hold sensitive data is more difficult now that the team is dispersed. To get your team working from home, you may need to implement a different set of accesses, a process that can extend to setting up new accounts 

There are a few best practices here that can help lower the risk of unauthorised access to your sensitive data. They include: 

Setting strong passwordsPasswords should be composed of non-specific words and interspersed with numbers or other characters. For an extra layer of protection, you may want to consider using a password manager, which can store encrypted passwords for all of your employees.  

Using MFA (multi-factor authentication): To prove, or authenticate, that remote users are who they say they are when attempting to access data, multi-factor authentication can be used. MFA ensures access is granted only after the user successfully presents two or more pieces of evidence (or factors). Evidence can include answers to security questions, pin codes, or ID cards 

For more information on implementing MFA, click here. 

 

 

Six Cybersecurity Tips for Working from Home, setting strong passwords

 

Control access by using VPNs 

Unless you’ve fully implemented zero-trust approach with your IT network, the use of Virtual Private Networks (VPNs) are a vital cybersecurity tool for minimising the risks from homeworking.  

VPNs create a secure virtual tunnel through the internet to another network or device. This virtual tunnel makes it hard for anyone else to view a user’s browsing activities. VPNs are useful for remote work because they will enable your team to securely access your business's IT resources from home and allow you to keep your data secret without altering it.  

For detailed guidance on choosing, deploying and implementing your VPN, we recommend this guide from the NCSC.  

 

Stay vigilant against physical threats to devices 

So far, we’ve talked about cybersecurity purely in terms of the digital realm. But while were all inclined to feel safe at home, it’s important to take steps to protect devices from threats in the immediate external environmentSuch threats include device theft and visual hacking (the act of gaining sensitive information by looking at someone else’s device screen). 

To reduce the risks here, educate your team on keeping their devices physically secure. Key common-sense concepts here include telling employees to:  

  • refrain from leaving devices unattended and work open 
  • lock their devices when they leave the room 
  • shut down their devices when leaving the house 
  • store their device away in a safe space at the end of the workday 

 

 

Six Cybersecurity Tips for Working from Home, BYOD

 

Be aware with BYOD 

The more applications and programs are installed on a device, the more potential vulnerabilities are introduced to it. For this reason, we recommend trying to separate corporate and home devices when homeworking is implemented.  

However, if you are taking a ‘Bring Your Own Device’ (BYOD) approach and do allow staff to use their own desktops, laptops, smartphones or tablets to access business data, there are some best practices you can implement to maximise security: 

  • The aforementioned use of VPNs and MFA are highly recommended with BYOD to lower the risk of vulnerabilities.  
  • Develop a clear BYOD policy to ensure that employees understand their responsibilities when carrying out work tasks on personal devices.  
  • For work that is carried out on smartphones and tablets, consider using one of the many existing MDM (Mobile Device Management) services that allow strong security controls to be enforced on these devices.  

For more guidance on BYOD, find the NCSC guidelines here. 

 

Take care with USBs 

Another common vector of cybersecurity risk is the use of removable media, especially USB drives. USBs can contain significant amounts of sensitive information. They are easy to misplace and can introduce malware into IT systems when inserted into a user’s device. 

A few steps you can take to reduce the cybersecurity risk of USB drives include using antivirus tools and supplying employees with drives yourself. You can even remove the need for USBs entirely by asking staff to transfer files using corporate storage systems or trusted collaboration tools instead 

 

Six Cybersecurity Tips for Working from Home, phishing

 

 

Look out for scams and phishing 

Sadly, cyber attackers are willing to exploit even a global crisis like the COVID-19 pandemic as a way to gain unauthorised access to sensitive business data. Ensure your staff remain vigilant against scam attempts by telling them to: 

  • avoid clicking on unconfirmed links in texts or emails 
  • keep an eye out for poor spelling and grammar in emails 
  • disregard any suspicious requests or offers 

If a phishing attack does happens to an employee, report it through the Action Fraud website – the UK’s national fraud and cybercrime reporting centre. You can also report suspected scams to the internet service provider (ISP) that was used. If you’re a smaller business owner who does not have access to an IT team, the best thing you can do if you’re unsure about a threat is to change your passwords immediately. It’s always better to be safe than sorry. 

You should also forward an email to the National Cyber Security Centre if you get a suspected phishing email to report@phishing.gov.ukFor free, the NCSC will investigate, if warranted, and attempt to close-down the links that the email uses to harvest your data. 

 

Here at Valda Energy, we’re committed to helping our customers stay safe and secure while working from home. For more advice regarding homeworking, please read our previous blogs on Working From Home for SMEs and Mental Wellbeing Tips for Remote Workers.