Is your remote team making these security mistakes?
June 22, 2020
June 22, 2020
Summer days are here. As people begin to gather in the parks again and shops re-open, it’s beginning to feel like life is going back to normal. But for many of us, that normal won’t include going back to the office.
Consulting company Global Workplace Analytics estimates that after the pandemic, 30 percent of the entire workforce will continue to work from home regularly. Armed with Zoom and our Slack channels, we’ve succeeded in proving that a team doesn’t need to be in an office together everyday to get things done.
But while a new remote world is great news for the weary commuter of 2019, it’s also great news for the cyber criminal. Over the past few months, cyber crime increased as hackers take advantage of employees who are used to relying on their offices and IT staff to protect them.
It can be hard to convince staff of the importance of digital security. After all, most people outside of IT tend to think of cyber crime as something planned and targeted- a mastermind hacker out to get critical information from the government or cause trouble for a big corporation.
What would they want with my little business? I’m too insignificant to be targeted for cyber crime. This is the wrong way to think about it. Most cyber criminals are just opportunistic. They didn’t choose to rob your house because they knew you had a stash of cash under the bed (or all your passwords on your desktop). They chose it because you left the door open.
Using unsecured networks, not keeping software up to date, reusing passwords- there are a lot of ways to open the door. Luckily, many of these risks follow similar patterns and can be avoided through a few fundamental security practices. The most effective thing businesses can do right now to protect their data, their employees, and their customers is to educate their workforce on what these are and why they are important.
Here are some of the biggest (but pretty simple) mistakes your remote team might be making:
People having access to data they don’t need
According to data by the UK’s Information Commissioner’s Office, employee error continues to be a leading cause of data breaches. They might fall for a phishing attack or just accidentally send an email with a sensitive attachment to the wrong person.
One way to easily reduce the harm caused by data breaches, is to only give employees access to information they need to do their job. It might be easier to make a folder on Google Drive accessible to everyone in the company, but it also means you’re opening a lot more doors to that data than you need to.
While people can be generally pretty savvy in terms of updating their own machines ( laptops etc) they generally forget about their routers after they set them up at home. When you first get a router, it’s important to login to change your usernames and passwords (which can be easy for hackers to find online) and to turn on Wireless Network Encryption.
Employees can also use a VPN (Virtual Private Network) to change their IP address, so hackers can’t see the actual location of their device. It could also allow employees to access company information from personal devices. As a business, encourage employees to follow the same protocols you had in your office in terms of accessing company data.
Out of date software and devices
It’s extremely important to keep all hardware up-to-date – from laptops, routers, servers or the increasing number of IoT devices in the home to protect against things like ransomware attack. Ransomware attacks are among the fastest growing cyber threats (one report projected that in 2021, companies will fall victim to an attack every 11 seconds). Software patches are released all the time to protect against known vulnerabilities but they don’t work if the system is outdated. Making sure you are using up-to-date operating systems and that software is running on the latest version is a critical part of cyber hygiene.
Not taking security seriously
Most people outside of IT have been guilty of this at some point. It’s just simpler to have one password for everything! And my wife’s birthday is the easy to remember! (most of the time). But these little things can have big consequences- particularly when employees are using personal devices for work. A personal phone that has access to the company Slack channel, needs to be just as a secure as a PC in the office.
The majority of breaches are made through simple human error. We weren’t paying attention and accidentally sent an email we shouldn’t have. It’s critical that employees know what data in your business is sensitive and the consequences of a breach.
Lack of education
Sometimes data breaches happen because people just don’t know how to see them coming. For example, as phishing scams become increasingly sophisticated, employees need to know how to spot a suspicious email and how to report it.
Recent reports show that employees aren’t big fans of security. 42% of staff state that their company’s security policies (like having to have an IT admin install new software) make it more difficult to do their job. This is why education is so important.
We launched a page specifically designed to offer resources for small businesses who are transitioning to a remote work environment. These include company policies and a security checklist for employees.
The reality is that in this unstable economic environment, businesses are less likely to invest in their cyber security. But cyber security doesn’t have to be expensive or confusing. This kind of basic cyber hygiene can go a long way in preventing the threats we’re seeing increase on a daily basis.
The dream of working from anywhere in the world may finally be materialising for many. Let’s make sure it happens safely.
Show your customers you value their data by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.