Our business and some business have been adopting the work from home strategy before the COVID-19 pandemic. But, the COVID-19 pandemic has forced more and more businesses to work remotely. Most, if not all, were not prepared for this and so were not properly set up to support remote working.
Several questions/issues arise when discussing the issue of working from home. Some key questions include:
- Who carries the cost of data for employees working from home?
- What are the tax consequences for the person carrying the cost of data?
- How do you allow your team to be productive from any location?
- How can you allow teams to collaborate seamlessly on any document, project or conduct virtual meetings?
- What cybersecurity risks arise and how can these be managed?
In this article, we will focus on cybersecurity issues arising from working remotely and how these can be addressed. What are some of these security concerns?
- Working remotely can widen an organisation’s attack grounds as workers start to use their own networks and devices. With many devices being used on different network access points, it is likely that one of these devices will be attacked.
- Because the organisation also works with other small and larger organisations, they too may be left open to these attacks.
- You may ask your team to configure certain things while they work remotely and because they are not IT experts, human errors may occur that may leave security gaps in your system.
- Some home networks are not secured and this also leaves your organisation prone to attacks. Working at the office meant secure Wi-Fi networks and firewalls protected the organisation. But, the sudden move to their homes meant using laptops and desktops with no protection.
- Or if they are secured, your team may be using default easy to crack passwords.
- Your team may be using free to access networks that may also leave your organisation prone to attacks.
- You may have had no time to train your staff on security risks and how to manage them, which means that your organisation is open to attack
So, what are some of the ways that your organisation can apply to manage the security risks?
Organisations that will not look at their security issues can be left open to more business disruption. Here are a few suggestions and considerations:
- Ensure that you educate your team to avoid using public Wi-Fi. Public Wi-Fi is not as safe as private for sending and receiving information.
- Encourage use of a VPN, which ensures the integrity of data sent or received on a public network.
- Encourage your teams to protect their home Wi-Fi by using strong passwords and or changing them every often.
- Encourage the use of password vaults and the generation of more secure and strong password through these vaults.
- Encourage the use of two-step authentication.
- Educate staff on the absolute need to protect confidential information. For example, by locking their screens when they walk away from their devices, how to discard confidential information, not taking selfies in front of their computer screens or desks where confidential information is.
- Educate your teams on the dangers of phishing emails and how phishing emails look like.
- Invest in cybersecurity
- Seek the advice of a cybersecurity insurance specialist.
- Create a security-focused workplace culture by consistently educating your team about cybersecurity and or updating your knowledge bases with the latest security information and features. Ensure you have sufficient security training within your organisation.
- Discourage password sharing.
- Make use of robust malware and firewall software. Ensure these are updated regularly.
- Encourage your team not to click on any suspicious links.
- Use secure password generating tools like 1Password or Lastpass
- Tell your teams to disable auto-login on their devices.
- Tell our team to set up the auto screen lock every 10 mins.
- Back up or put your data onto the cloud.
Remote working could be the new norm. But, adequate security measure needs to be put in place to make this a success and to make sure that organisations are protected from external attacks.