The entire world changed in March, throwing businesses and organisations of every size into a state of disarray. Everyone was in the same boat, but the waters were uncharted, and action had to be decisive in order to make sure businesses could stay afloat.
The pivot to working from home was swift and necessary, but it has left some businesses and employees more vulnerable to cyber-attacks than ever before. The need to continue working was greater than the need to make sure that work was carried out as securely as possible, and so information and cyber security officers have been forced to play catch up.
The problems posed by work-from-home set ups
Since then, two key priorities have emerged. The first is securing work-from-home arrangements so that employees can switch easily from the office to their home set-up easily when required. The second is finding ways to maintain confidentiality, integrity and privacy when using home networks.
In the US alone, 56% of employees are reportedly using their personal computers in order to carry out their every-day work, while nearly 25% have no idea what, if any, security protocols are active on their device. A further 25% reported issues with WiFi signal, which has an adverse effect on the power of antivirus software.
These figures come from the Work-from-Home (WFH) Employee Cybersecurity Threat Indexreleased by Morphisec. The report goes on to acknowledge that the majority of the workforce in America has been relying on home WiFi networks and devices that are simply not up to the task of keeping company data secure and safe from external threats.
While Morphisec only considered the state of play in the US, it is fair to extrapolate their findings and apply them to the UK and the rest of the world. The onset of Covid was brutally swift, catching everyone unprepared to face certain problems
The biggest threats to cyber integrity
We know that the vast majority of home working setups are not as secure as traditional, office-based devices and networks. But what are the biggest risks to cyber integrity and data security?
The use of home laptops, PCs and other endpoint devices pose significant threats, as they give malware and spyware a greater opportunity to breach security and gain access to the business network through human error and the complications of a household's other members using the same device.
Collaboration and conferencing apps have, understandably, become extremely widely used throughout the pandemic. Unsurprisingly though, the proliferation of these tools has meant that attack surfaces have expanded significantly, as they are become targets for attack thanks to sub-standard patching protocols. The threat is so prominent that the likes of Google and Nasa, amongst others, have actively stopped employees from downloading and using some apps and programmes. sophisticated breaches.
How to keep your data safe
Thankfully, cyber security experts have had time to generate a number of easy to implement methods that will help both organisations and individuals to protect enterprise data and security.
As well as the more obvious steps, such as strengthening VPNs and making the best antivirus software available to all remote workers, employers should take the following actions:
- Provide increased security protection for endpoints, including all laptops, PCs, phones and tablets.
- Make software updates to remote work stations mandatory and automatic. Keeping software up to date is still one of the best ways to protect against attack.
- Create a shared space using intranet, collaborative apps (i.e. Slack) or a dedicated email address, where employees can report suspect emails and concerns over potential security breaches.
- Impose multi-factor authentication for the VPN and other critical portals giving access to information systems.
- Review and reassess protocols that could hinder remote working. Access can be restricted or prohibited by rules such as geo-blocking.
While employers are able to take action that will enhance security across the organisation, the role of the individual home-worker shouldn't be underestimated. In fact, even the most simple measures could be the difference in stopping an attack
Here's what home-workers can do:
- Make sure family or housemates do not use devices that are used for work. It would also help to enable screen locks so that workstations are secure when not being used.
- Secure your network with a strong password.
- Cover your webcam when it's not in use.
- Make sure all video conferences are password protected, no matter which platform is being used. Conferencing apps are a major focus for those looking to maliciously access company networks.
- Avoid using removable storage devices such as USB drives and external HDDs.
- Mute or disable digital assistants such as Alexa and Google Assistant, as they are often set to record nearby audio.
- Only rely on cloud services and data centre storage that has been approved by your employer. This is particularly important when saving sensitive data, such as trade secrets, but also health information, personal and contact details, and financial records.
The opportunity going forward
With both the employer and employee working together to ensure better security, the chances of a company or organisation suffering from a serious cyber-attack or data breach are massively reduced.
Now that the world has coped with the first lock-down, and companies recognise the need for suitable home-working set ups, the opportunity is there to make sure that data and networks are secure wherever staff are working from. Whether they are in the office, or need to be based at home to isolate, there is now no excuse for security not to be equally tight across the board.
If you’d like to talk to one of APH’s security specialists about becoming Cyber Essentials accredited and our Cyber Protect service, then click here.
The time to make this happen is now. There's never been a better opportunity for businesses to make safe, secure home working a priority, and doing it now will pay off immediately.