By: Mark Brown – founder of Psybersafe
It didn’t take long, in 2020, for hackers and cyber criminals to adapt their tactics to target home workers. In fact, they were quick to take advantage of the fact that people were away from the office, and therefore detached from the traditional IT messages and measures that are designed to keep cyber security top of mind. Phishing attacks using Covid-related messages have risen by 600% and in one day alone, Google intercepted 18 million emails trying to exploit our curiosity and concern about the pandemic.
Now that many thousands of workers across the UK are considering working remotely either part time or full time, it’s important for employers to make sure that their people have a good understanding of their role in overall cybersecurity, and are adopting the right behaviours to protect the business from attack.
As an employer, here are five critical things you should make sure your people are aware of when they are working remotely.
Be extra careful with company data
Employees should not send company or client data to their personal email accounts under any circumstances, and they should also never print it out at home or in a shared remote workspace. Your responsibilities towards protecting client data extend to wherever your people are working, and that data can’t be sitting in Gmail or Hotmail accounts. If this data is lost, stolen or compromised, it will be the business that faces fines and potential prosecution.
Make sure home networks are cyber secure
Your employees will be using their own personal wifi networks when they are working remotely. Make sure that they set up their network with WPA2 (Wi-Fi Protected Access 2), a network security technology commonly used on wifi networks and used on all wifi hardware since 2006. It encrypts data as it goes from point to point. When a router is set up, this should be the default option.
Also, ensure that your people change their default router password to one of their own. Give them guidance on creating good passwords or passphrases – like “I take a train @7:00!” – that are at least 15 characters and include letters and special characters (Sp3c14l_&_ch4r4ct3rs) like *&^%$.
Provide hardware that reduces the risk of cyberattack
One of the biggest gateways for hackers is people who are using their own devices – laptops, phones and tablets. Personal devices are rarely as well protected as company devices. Ideally, your employees will work on a company laptop, where the organisation can control both the protections and the applications used.
There are good endpoint and ransomware protection applications available – choose the right one and ensure that it can be managed remotely. For your own peace of mind and as a selling point to your clients, making sure you’ve done everything to protect your network is an important part of introducing remote working.
Issue regular cybersecurity reminders
In the office, there are constant reminders of the personal responsibility that each person has for cybersecurity. When people work from home, they are in a more relaxed environment without the formal signals of the office, which often put us on our guard and naturally increase our vigilance.
Non-cyber security behaviours, such as having to use a pass to enter the building, unlocking desk drawers and computers, seeing others behave securely by locking their screens when they walk away, and shredding sensitive paperwork, influence our cyber behaviour when we are at the office. These social signals of how we behave are very strong and guide us.
Vigilance at home is understandably lower, and this means people are more at risk of making a misjudgement, opening an unexpected email or leaving a gateway for hackers to get into your business. Every employee’s wifi network is now an entry point – not just the company network at the office.
So ensuring people are aware of the risk of cyberattacks, know what to look out for and what to do is critical.
Support cyber awareness and vigilance
Out of sight shouldn’t be out of mind. If anything, it’s more important to make sure your remote workers are regularly reminded of their cybersecurity responsibilities than your office-based employees.
It’s worth remembering that around 90% of successful cyberattacks are down to human error. So whilst investing in systems, firewalls and IT security is important, it’s only part of the puzzle. Arguably, the more important investment is in making sure your staff know how to spot a phishing scam, get into the habit of locking their machines when they are out of use, practise good cyber awareness all the time and are just as – if not more – vigilant at home as they are at work.
It only takes one wrong click for malware or ransomware to get onto a device or into a network. Make cybersecurity an important, visible and constant part of your communications with remote workers, consider investing in training that helps them improve their understanding and behaviours, and support them to be just as vigilant and security-aware at home as they are in the office.