Large swathes of UK employees already work remotely; whether by design or by default, working away from the office is increasingly commonplace. Fuelled by improvements in technology and cloud-based software, remote workers are not only a new normal, but flexible working has come to be an expected perk for many.
Research carried out in 2019 by the International Workplace Group found that 80% of people said that, when faced with two similar jobs, they would turn down the position that didn’t offer flexible working conditions.
Furthermore, data from the Office of National Statistics found that the number of remote workers has increased by nearly a quarter of a million in the last decade, with half of the UK workforce expected to be working remotely by the end of this year.
But with so many employees working remotely, it is more important than ever to ensure there are no gaps in your cybersecurity and to remind employees of best practice when working remotely.
Here are some tips and advice for both your company and your employees to ensure their cybersecurity when working away from the office.
Make sure staff know what to do if an incident occurs
While this should not be exclusive to your remote workers, a thorough incident response plan should be put in place to help staff detect, respond to, and recover from any security incidents.
This should ensure all employees (office or home-based) are able to identify the type of incident that has occurred (whether a security incident, security weakness or data breach), the steps to take to report it, who they should report it to and the measures to take to prevent reoccurrence.
Take frequent audits of processes
Frequent audits of your security processes are critical in preventing security breaches. Check when employees access data within your business, when they run reports, download data and so on. Doing so will help in identifying any inappropriate activity and could avoid a much larger, more damaging data breach. Any data access or downloads that are out of the ordinary should be a cause for concern and looked into as a priority.
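One way to run such a check over an access log, as an added example rather than anything from the original article. The log format, user names, working hours and volume threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit records: timestamp, user, action, rows returned.
SAMPLE_LOG = """\
2024-03-04T09:12:00 asmith report 120
2024-03-04T10:40:00 asmith download 200
2024-03-05T11:05:00 asmith download 180
2024-03-05T14:30:00 bjones report 90
2024-03-06T09:50:00 bjones download 110
2024-03-06T15:20:00 asmith download 150
2024-03-07T02:14:00 bjones download 95
2024-03-07T16:45:00 asmith download 9500
"""

WORK_HOURS = range(7, 19)  # assumption: 07:00-18:59 is normal working time
VOLUME_FACTOR = 10         # assumption: 10x a user's own median is unusual


def parse(log):
    """Yield (timestamp, user, action, rows) from whitespace-separated lines."""
    for line in log.splitlines():
        ts, user, action, rows = line.split()
        yield datetime.fromisoformat(ts), user, action, int(rows)


def flag_unusual(log):
    """Return events that are out of hours or far above the user's baseline."""
    events = list(parse(log))
    per_user = defaultdict(list)
    for _, user, _, rows in events:
        per_user[user].append(rows)
    # The median is used as the baseline because one huge export barely moves it.
    baseline = {user: median(rows) for user, rows in per_user.items()}
    findings = []
    for ts, user, action, rows in events:
        reasons = []
        if ts.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if rows > VOLUME_FACTOR * baseline[user]:
            reasons.append("volume far above user's median")
        if reasons:
            findings.append((ts.isoformat(), user, action, reasons))
    return findings


if __name__ == "__main__":
    for finding in flag_unusual(SAMPLE_LOG):
        print(finding)
```

A flagged event is a prompt to look into the access, not proof of wrongdoing; a remote worker in another time zone will trip the hours check legitimately.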
Take the time to regularly remind your employees of your own internal processes and outline the policies and procedures you have in place to prevent any data breaches. Emphasise any disciplinary action that might result if an employee fails to comply with company policy.
Deliver regular cybersecurity awareness training
How cyberattacks present themselves is constantly changing. From phishing attacks that rely on simple human error to severe distributed denial of service (DDoS) attacks that cause significant system slowdown or outage, online criminals don’t stay still and their methods of deceit keep evolving.
Holding regular cybersecurity training is key to keeping your employees abreast of any new threats, updates to data protection legislation and your company policies and procedures. Your onboarding should be the first in a series of frequent training sessions where you should also cover off any particular threats that employees might encounter that are unique to your business.
Don’t get distracted
Particularly during times of crisis, it is easy to be distracted by the current situation and time-sensitive matters. But it is important to make sure that both your remote workers and office workers remain vigilant to any cybersecurity threats.
Simple lapses in concentration can be costly. A companywide email, seemingly from your IT team, saying that as part of ongoing security measures everyone needs to reset their passwords and should click to do so is a classic example of a phishing attack. But cybercriminals are increasingly intelligent in designing their ruses. Take, for example, an email supposedly from your Financial Director asking an employee to pay an invoice as they cannot access the bank from home. Or IT might be contacted via what seems to be a personal email address asking them to reset and send a new password to a known homeworker.
Sometimes, falling prey to these security breaches is down to a simple case of ‘right time, right place’ for cybercriminals.
This applies both at work and at home. Simply being aware of the context within which you receive emails (and even text messages or phone calls) can help no end in ensuring data security.
Encourage your employees to question any unsolicited or unexpected contact as a matter of habit. Always ask: Am I expecting this? Does it make sense? Would this person send this to me? Why? Why now? If they’re unsure, they shouldn’t respond or click any links or attachments, and should delete the message. If it is important, the sender should reach out again or use a different method of communication.
Have different passwords for different systems
For years we were told to change our passwords frequently. This results in too many passwords to remember and increasingly poor security hygiene. With strict policies to change passwords every 30, 60 and 90 days, many employees take to jotting them down or making them as simple to remember as they can. Think ‘Password1’, ‘qwerty’, ‘letmein’ and the like, which make it easy for employees to keep doing their jobs with minimal disruption.
But having both longer passwords and, importantly, different passwords to log in to each system has been proven to be more secure.
Theoretically, all passwords can be cracked, but some much sooner than others. For example, the password ‘examples’ would take five seconds to crack, ‘examples1’ would take 42 minutes and ‘Examples1@’ would take six years. Conversely, ‘twoeasyexamples’ would take 1,000 years!
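The arithmetic behind estimates like these, as an added example rather than the calculator the article drew its figures from. The guess rate and the character-pool sizes are assumptions; the rate is chosen so that ‘examples’ comes out at about five seconds, and the figure for ‘Examples1@’ depends on how many symbols the estimator counts, so it differs from the article's.

```python
import string

# Assumption: guesses per second for an offline attacker, picked so that
# the article's 'examples' figure (about five seconds) is reproduced.
GUESSES_PER_SECOND = 4e10
# The weak passwords the article names; a real check uses a large breach list.
KNOWN_WEAK = {"password1", "qwerty", "letmein"}


def charset_size(password):
    """Size of the smallest character pool covering every class used."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools
               if any(ch in pool for ch in password))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and pool."""
    if password.lower() in KNOWN_WEAK:
        # Listed passwords are tried first, so length and mix do not help.
        return 0.0
    return charset_size(password) ** len(password) / rate


def humanise(seconds):
    """Render a duration using the largest unit that fits."""
    for name, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {name}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    for pw in ("examples", "examples1", "Examples1@",
               "twoeasyexamples", "Password1"):
        print(f"{pw:16} pool={charset_size(pw):2} "
              f"{humanise(seconds_to_exhaust(pw))}")
```

Each extra character multiplies the search space by the pool size, which is why the 15-letter lowercase phrase outlasts the 10-character mixed password. The estimate is an upper bound only: a password made of common words can fall to a dictionary attack far sooner than exhaustive search suggests.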