Even in a post-pandemic world, it’s clear that working from home is here to stay. In fact, a study by Gartner found that 47% of companies will give employees the choice of working remotely full time, even after the pandemic, and 82% said employees will be able to work from home at least once a week.
However, this implementation of new working environments raises concerns over IT support and cyber security. In fact, a report found that 86% of C-suites and 60% of SBOs believe that the risk of a data breach is higher when employees work remotely.
This means that organisations need to work harder to maintain their security infrastructure when staff are working from home. To get started, we’ve put together a list of top tips on how to maintain cyber security for your company when working from home.
Create a remote working policy
Any company that allows its employees to work from home should think about creating a remote working policy to help manage the cyber security risks. This policy should clearly outline your security protocols and highlight the consequences of non-compliance. It’s good to include things like how to store data securely, creating and updating strong passwords, VPN rules and a policy for non-work-related website usage. You can also include rules surrounding where your employees should work, including the risks of working in a public space, or on a train, and using free Wi-Fi.
Make sure the tech toolbox is up to date
Companies should have up-to-date cyber security protocols which include tech tools that will keep everyone cyber safe when working from home. This means you should have firewalls, antivirus software, and other security features such as a VPN, two-factor authentication, backups and encryption tools. If your staff have all of the tools to keep them safe, they are more likely to avoid cyber threats whilst working from home.
Always run updates and patches
Ensure that everyone in the company regularly runs new updates and patches as soon as they are available. If you forget to do this, you can configure most devices to update automatically, so you don’t have to worry about falling behind. Cybercriminals take advantage of outdated systems, that’s why updates and patches are there to add extra security to your device or software and fix any potential flaws.
Keep your VPN turned on
Employees who are working remotely should always use a VPN (virtual private network). A VPN encrypts all of your internet traffic, making it unreadable to any hacker that may intercept it. This makes it much harder for cybercriminals to steal sensitive data. This is especially important if you are sending and receiving financial information, strategy documents, or customer data.
Train your employees to spot threats
Alongside giving staff a security policy and preventative tools, you should also invest in teaching employees how to spot potential threats and offer robust IT support. This will help to lower your risk of a security breach.
Use multi-factor authentication
Just having strong passwords is not enough in this day and age, it’s important that companies use multi-factor authentication to add an extra layer of security. MFA requires users to provide multiple different types of information to verify their identity, for example, security questions, push notifications, pins, and biometrics.
Ensure employees are working from company devices
One of the most common ways that companies open themselves up to cyber-attacks is when employees are allowed to use their personal devices to work. Usually, personal devices will not have the correct security infrastructure that will protect company data and sensitive files. Using company devices will also help your IT support have an overview of the infrastructure and be able to monitor any malicious activity, such as malware. This will help protect against phishing attacks and hackers who are looking to take control of an employee’s account.
However, if it is not within your company’s budget to give all of your employees’ work devices, you should consider Desktop-as-a-Service (DaaS). Desktop-as-a-Service (DaaS) can be used to transform a personal device, such as a laptop, into a work desktop so it can be used to access applications and files that are on the company’s network. This service is carried out by leasing virtual desktops via a public or private cloud service. Using a virtual desktop means that if an employee’s personal device is stolen, no company data is lost, as data is stored on the virtual desktop instead of the physical desktop.
If your employees need to conduct business from their personal phones when working from home, it’s a good idea to try to encrypt their phones. Data on mobile phones can easily be secured by enabling a few settings, for example, a strong passcode, encryption features, and the ability to wipe the phone when too many passcodes are entered incorrectly a number of times.
As well as personal computers and phones, when working from home there is also a risk associated with printers. Home printers have a number of insecure features that should be turned off whilst working remotely. One of these is the ‘print from anywhere’ feature which lets you print company documents to your home when you are not in the office. You should also turn off the ability to scan to the hard drive of your printer and open the folder from computers on the company network. This is done with minimal or no security, and so should be switched off.
Need help or advice?
If you or your company need cybersecurity support, our friendly team is on hand to help you. Get in touch with us today to learn more about how we could help keep your company secure and lower your risk of data breaches in the future.