As so many businesses rely on remote working to deliver business continuity, they must accept that the more they rely on remote technology to collect, store and manage information, the more attractive and vulnerable it becomes to criminals.
Human errors, hacker attacks and system malfunctions can cause great financial damage and may also damage a company’s reputation. It is important that businesses take time to prepare their staff to work from home and The National Cyber Security Centre outlines these guidelines:
Top 10 tips to prepare staff to work from home:
1. Protect your email by using a strong and separate password
Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft.
2. Install the latest software and app updates
Software and app updates contain vital security updates to help protect your devices from cyber criminals.
3. Turn on two-factor authentication on your email
Two-factor authentication is recommended for email accounts to make sure your data is secure.
4. Password managers help you to secure passwords
Using a password manager can help you create and remember passwords.
5. Secure smartphones and tablets with a screen lock
Screen locks offer your devices an important extra layer of security.
6. Always back up your most important data
Safeguard your most important data, such as your photos and key documents, by backing them up to an external hard drive or a cloud-based storage system.
USB drives can contain lots of sensitive information, are easily misplaced, and when inserted into your IT systems can introduce malware. You can reduce the likelihood of infection by using antivirus tools where appropriate only allowing products supplied by the organisation to be used or by using other means including using corporate storage or collaboration tools).
8. Use collaboration tools
Working from home can be daunting for people who haven’t done it before, especially if it’s a sudden decision. There are also practical considerations; staff who are used to sharing an office space will now be remote. Think about whether you need new services, or to just extend existing ones, so that teams can continue to collaborate. For, example you may want to consider services that provide chat rooms, video teleconferencing (VTC) and document sharing.
The NCSC guidance on implementing Software as a Service (SaaS) applications can help you choose and roll out a range of popular services.
9. Control access to corporate systems
Virtual Private Networks (VPNs) allow remote users to securely access your organisation’s IT resources, such as email and file services. VPNs create an encrypted network connection that authenticates the user and/or device and encrypts data in transit between the user and your services. However, using VPNs to access your organisation cause a security risk when being accessed by a personal device – that may be infected with a virus, for example.
As a further resource, VPNRatings answers ‘What is a VPN and how does a VPN work?’ in more detail here.
10.Use work devices rather than personal
Be mindful of the increased risks associated with workers using personal devices that will hold company data whilst outside of your security control. Malicious attacks are rife (see our blog article showcasing cyber attacks, fraud and phishing)and is possible for staff to use obsolete or unprotected software platforms or shadow IT that they are comfortable with to get the job done. See Bring Your Own Device (BYOD) guidance.
Further help and advice
We have collated some additional resources to help you protect your business security against hackers and cyber criminals.
National Cyber Security Centre
– Download the pdf guide: Home working: Managing the cyber risks
Action Fraud – National Fraud & Cyber Crime Reporting Centre
If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Report fraud or cyber-crime on this online form: https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
Or you can report a phishing attempt here: https://www.actionfraud.police.uk/report-phishing
Workable security policy template
The first step in formalising your company cyber security policy is creating a document to ensure your staff are on the same page as you. Start by downloading this cyber security policy template ready to be tailored to your company’s needs.
Training Course: Cyber Security for Home Users
The Security Institute has partnered with Amica, an industry-leader for cyber, governance, risk and compliance training.
Through this partnership all Security Institute Members can enjoy free access to the ‘Cyber Security for Home Users’ course by simply booking on to the course above.
Given the current situation, Amica have also taken the decision to make the ‘Cyber Security for Home Users’ course available to all for the discounted rate of £9.99. Non-members can purchase the course at this discounted rate by clicking HERE. This course is available until 01/01/2021.
Understand the facts about cyber crime
What is ‘phishing’, how can spot a scam email, what can you do if you’ve clicked on one? what things can you do to help protect your business from hackers and cyber criminals? Get these answers in our article Things you should do to help protect your business from hackers and cyber criminals
We hope this article helps you to secure your business security from criminals. If you would like to speak to our remote monitoring security experts please drop us an email here: CONTACT US