Cyber security is a major consideration now that much of the UK’s workforce is working from home in response to the coronavirus pandemic. Here we look at the common cyber threats associated with remote working, together with tips on how to keep your business safe whilst your staff work from home.
Many companies offer flexible working, where staff work from home occasionally or, in some cases, full time. Even among those who don’t officially work from home, many will naturally log in to keep track of work emails or finish off the odd task they couldn’t manage in the office.
Remote working to some degree was already a reality for many businesses, but never perhaps on such a scale as when the coronavirus outbreak took hold. This is likely why, as a general rollout of remote working started to become the norm, businesses found they were not really prepared for the cyber threats that would quickly pose a huge challenge.
What are the cyber security threats associated with home working?
The COVID-19 pandemic has led to a surge in phishing scams, many of them focusing on the uncertainty and fears surrounding the situation and taking advantage of people’s need to seek advice and reassurance on coronavirus-related issues.
A recent report found there has been a 600% increase in reported phishing emails since the end of February, with many of them taking advantage of the uncertainty surrounding the pandemic.
Emails were intercepted impersonating the World Health Organization, asking victims to download a ‘safety measure’ by clicking a link. They were then prompted to verify their email by entering login details. Other scam emails appeared to be from HMRC and the Health and Safety Executive, all designed to harvest sensitive data and login details so that accounts could be compromised and used for unscrupulous gain by cyber criminals.
Aside from phishing attacks, the simple act of staff logging in to a company network has also been posing a major risk.
When staff use remote desktop protocol (RDP) to log in to a network, this can pose a significant risk of ransomware attacks. Unless multi-factor authentication (MFA) is used to log in, any unsecured network can act as an open gateway to hackers.
What is ransomware?
Ransomware is a type of malware that encrypts a victim’s files, rendering data inaccessible. The attacker then demands a ransom from the victim in exchange for restoring the data. Ransomware often originates from phishing scams where attachments that appear trustworthy are emailed to a victim. Once downloaded and opened, they can take hold of the victim’s computer. Some of the more aggressive forms of ransomware exploit security holes in operating systems, infecting computers without the need to deceive users. An example of such a security hole is BlueKeep, discovered in May 2019 to be affecting older versions of Microsoft Windows.
So, now that we know the cyber risks of working from home, it’s time to look at how to minimise them. How do you protect your business and its data during the home working revolution? Here are our top tips.
1. Set a remote working policy
It’s vital to put a policy and guidance pack in place to manage the risks. Make staff aware of security protocol and you will be less likely to suffer a cyber breach. The policy should include:
- How to store devices securely when not in use
- The importance of creating and maintaining robust passwords
- Keeping software updated to the latest versions and installing security updates
- Acceptable use policy for visiting non-work related websites
- How to clear a browser cache to prevent login details being compromised
- Use of company devices in public places
- How to report the loss or theft of devices or a possible data compromise
It’s crucial that all staff are not only aware of threats to cyber-security, but also know how to deal with them.
2. Set up multi-factor authentication
Multi-factor authentication (MFA), also known as two-factor authentication, is a security enhancement that requires additional evidence to be entered before logging into an account. MFA helps prevent unauthorised access to the protected account should credentials become compromised.
According to Microsoft, enabling MFA can reduce account compromise by up to 99.9 percent, bringing the chance of stolen credentials being used to take over an account down to almost zero.
MFA adds account security that protects all employees from compromised credentials, protecting not only them but also your business and its data.
3. Use a virtual private network (VPN)
A VPN provides a secure, encrypted connection between your PC and an internet server. It is designed to prevent anyone from spying on what you’re doing, and also stops hackers getting in and seeing any data that you access over the connection.
A VPN is vital in regulated industries such as legal, finance and insurance, but is equally useful across any sector. Instead of allowing employees to access your company network via their own internet connection, the use of a VPN provides a secure in-road.
Here’s a list of the best VPN services for working from home, or just ask your KP Computer contact for advice.
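A check that ties tips 2 and 3 back to the RDP risk described earlier: list successful remote desktop logons whose source address is not in the VPN address pool. This is an added example, not code from the original article; the VPN range, user names and log records are constructed, and the records are assumed to be Windows Security-log events already exported as dictionaries.

```python
import ipaddress
from collections import Counter

# Assumption: the range of addresses your VPN hands out to connected clients.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
RDP_LOGON_TYPE = 10  # Windows logon type 10 = RemoteInteractive (RDP)

# Constructed sample records (event 4624 = successful logon, 4634 = logoff).
EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "asmith", "IpAddress": "10.8.0.14"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "bjones", "IpAddress": "203.0.113.57"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "asmith", "IpAddress": "-"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "bjones", "IpAddress": "203.0.113.57"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "cpatel", "IpAddress": "192.168.1.20"},
    {"EventID": 4634, "LogonType": 10, "TargetUserName": "asmith"},
]

def rdp_logons_outside_vpn(events, allowed=(VPN_POOL,)):
    """Count successful RDP logons per (user, source IP) that bypassed the allowed networks."""
    hits = Counter()
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue  # not a successful remote desktop logon
        try:
            source = ipaddress.ip_address(ev.get("IpAddress", ""))
        except ValueError:
            continue  # "-" or missing: no network source was recorded
        if not any(source in net for net in allowed):
            hits[(ev["TargetUserName"], str(source))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (user, ip), count in rdp_logons_outside_vpn(EVENTS).items():
        print(f"{user} opened {count} RDP session(s) from {ip}, outside the VPN pool")
```

Any hit means RDP is reachable without going through the VPN; pass additional networks in `allowed` if, for example, the office LAN is an approved source.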
4. Provide company devices
If you allow staff to work on their own devices, then you automatically lose control of cyber security. Devices used for social pastimes may well be susceptible to malware or viruses. How can you be sure your employees have installed decent firewalls and anti-virus software and are running regular scans?
Whilst it can be something of an investment, it is certainly a worthwhile one to know that staff are logging into your company network using devices that only connect through your VPN using multi-factor authentication, that have your company-approved firewall and anti-virus installed, and that are not used to browse unapproved websites.
5. Use a password manager
Cyber security experts suggest using a password manager. This is a platform that securely stores passwords and automatically fills them into login pages, helping to protect all online accounts with a strong password. Password managers are particularly useful if your staff are accessing various online platforms as part of their work, such as social media sites, client portals and content management systems.
The likes of LastPass, Bitwarden, Dashlane, Keeper and 1Password are good examples of password managers. Web browsers including Safari, Chrome and Firefox also have built-in password controls.
Some password managers have features that inform you when a site has experienced a data breach. Others can tell you if the password you’re using has been found in a stockpile of stolen user data, as at least 555 million passwords have. Password managers can also help you find weak or reused passwords.
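How a breached-password and reuse check can work without the password ever leaving the device, shown as an added example that is not code from the original article or from any of the products named. It assumes the k-anonymity range lookup popularised by the Pwned Passwords service (send the first five characters of the SHA-1 hash, compare the rest locally); the lookup service here is an offline stand-in, and the breach counts and vault entries are constructed.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def make_offline_range_service(breached):
    """Stand-in for a breach-lookup service (constructed data, no network access)."""
    index = defaultdict(list)
    for password, count in breached.items():
        digest = sha1_hex(password)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    seen_prefixes = []  # everything the "service" ever learns about a query

    def fetch_range(prefix):
        seen_prefixes.append(prefix)
        return "\n".join(index.get(prefix, []))
    return fetch_range, seen_prefixes

def breach_count(password, fetch_range):
    """Times the password appears in the corpus; only a 5-character hash prefix is sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:  # the match is made locally, not by the service
            return int(count)
    return 0

def audit_vault(vault, fetch_range):
    """Return (breached, reused): breached sites with counts, and groups sharing a password."""
    breached = {site: n for site, pw in vault.items()
                if (n := breach_count(pw, fetch_range)) > 0}
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[sha1_hex(pw)].append(site)
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    return breached, reused

# Constructed sample data: the breach counts and vault entries are made up.
BREACHED = {"password": 1000, "qwerty123": 250}
VAULT = {"email": "password", "crm": "password", "cms": "mV7#kq2!Lw9zRt"}

if __name__ == "__main__":
    fetch, seen = make_offline_range_service(BREACHED)
    print(audit_vault(VAULT, fetch))
    print("hash prefixes sent to the service:", seen)
```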
Need help with cyber security for your remote workforce? Talk to KP Computer.
If you could use some professional help with setting up your remote workforce for secure working, talk to the experts at KP Computer. We’re here to help, and look forward to being of assistance.