A massive and far reach upsurge in the number of people working from home was one of the biggest practical effects of the coronavirus pandemic. It is highly likely that companies will find ways to make remote working possible and permanent for larger portions of their workforce going forwards.
The impact of this is considerable, and one of the most significant is the increased cyber security risks involved.
Distributed workforces always mean a greater vulnerability for data breaches. If companies had to switch quickly to remote working - with reluctant or unprepared staff – it adds to the headache for managers.
This makes it vital to evaluate security in your digital workplace, and take steps to keep remote workers secure after Covid-19.
Here’s a guide to cybersecurity for enterprises with staff working from home.
What does cybersecurity involve?
It’s worth starting by looking at what cybersecurity is and why it is so important to organisations of all sizes.
Billions of people go online daily, especially now we have the Internet of Things (IoT) such as smart homes and cars. This generates quintillion bytes worth of data.
There has also been a rapid advancement in the ways to collect, store and analyse data.
Unfortunately, this has run alongside evermore sophisticated criminal activity online. Cybercrime includes both stealing data (often for financial gain) and creating malicious software (malware) and computer viruses to disrupt data.
One wrong click and a company can find huge amounts of data disappears or is rendered useless.
The more people who work from home – on a multitude of devices – the more opportunities there are for cybercriminals to use one of their constantly updated ‘tricks', including using a humble email to unlock sensitive passwords or financial information.
It is vital that all organisations take steps to guard against cybercrime – whether you have one remote worker or one thousand.
This is partly because the fines for data breaches can be hefty - the General Data Protection Regulation (GDPR) makes data management obligations very clear.
Possibly worse still, is the effect it could have on your reputation – and therefore business survival – if you lose personal information about customers, staff or suppliers.
How can I protect my business data?
It’s worth mentioning that keeping remote workers secure doesn’t just involve guarding against criminal activity. By introducing careful monitoring and management, you can also prevent accidental data breaches, which can be equally damaging to your business.
For small businesses concerned about cybersecurity, the National Cyber Security Centre has a handy guide (https://www.ncsc.gov.uk/collection/small-business-guide).
The NCSC also provides information on general online behaviour to avoid breaches (https://www.ncsc.gov.uk/cyberaware/home).
You must also take account of the special business issues raised by COVID-19. The NCSC offers a range of guides to help organisations to take steps to move to remote working safely, and manage data effectively:
https://www.ncsc.gov.uk/guidance/moving-business-from-physical-to-digital
https://www.ncsc.gov.uk/guidance/home-working
The potential security risks with video conferencing (something that’s become more common as a response to the coronavirus crisis) are covered by the NCSC too (https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations).
Other ways remote workers can be secure
Which areas of your digital workplace are leaving you most exposed to malicious or accidental data breaches? Carrying out your own risk assessment is a wise move, and then you can take steps to address your vulnerabilities and any lack of systems or skills.
Here are some of the key areas to focus on for secure remote working situations.
Passwords
One of the biggest risks for dispersed digital workplaces is that staff will use a variety of passwords to protect their data, some of which will be worryingly insecure and easy to obtain.
Having a company-wide system for creating secure passwords is important. This too is something that the NCSC can help with in its guide to protecting online accounts, even after passwords have been breached (https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa).
Quick control and recovery
That leads to another important consideration when it comes to remote working security – what happens if you do become aware of a data breach of some kind? The NCSC provides valuable information on how to respond to this, and how to recover as quickly and painlessly as possible (https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa).
Guarding against phishing
Reference has already been made to phishing – this is when cybercriminals use emails to commit fraud or offer links which result in breaches or malware. This guide offers insights on how to guard against this risk (https://www.ncsc.gov.uk/guidance/phishing).
It is crucial to train staff to be aware of the dangers of phishing, including not clicking on links or opening emails that manage to slip passed your secure firewalls and control systems.
Making your security strategy relevant to you
Training and supporting your team of remote workers is an important priority across all aspects of data management and protection. However, each organisation has its own unique workforce and business goals. How can you develop an online security plan that fits your requirements?
Developing a relevant and practical approach ensures that you keep remote workers secure, without interrupting their productivity, or bewildering them with too many rules!
The NCSC offers a toolkit to help organisations to develop their own security strategy and plan, tailored to the everyday realities they face (https://www.ncsc.gov.uk/guidance/phishing).
Keeping pace with security risks
As technology is constantly advancing, and cybercrime responds, the potential ways that remote working can lead to data breaches increase.
This is particularly true in post-COVID digital workplaces. New pressures and systems will put additional strain on dispersed teams. Data management becomes more complex.
There is a way you can be part of the long-term solution. The National Cyber Security Centre is always on the lookout for partner organisations, to work with them on making British digital workplaces safer and more productive.
That includes supporting innovative start-ups who are adding to the availability of security products and systems (https://www.ncsc.gov.uk/information/cyber-accelerator).
Individuals and businesses can also contribute to the pool of ideas, suggestions and initiatives by signing up for the NCSC Industry 100 (https://www.ncsc.gov.uk/information/industry-100).
Can I get accreditation for secure remote working?
Taking steps to manage your data in a digital workforce – when you have additional homeworking staff post-pandemic – can underpin your ability to survive.
Showing your customers and other target audiences that you take the issue seriously can also be important. It gives them the confidence to deal with you and the assurance that you are keeping remote workers secure. This can help with staff recruitment too, particularly for management positions.
To illustrate your commitment to the issue of cybersecurity for remote working, businesses of all types and sizes can sign up for the Cyber Essential initiative (https://www.ncsc.gov.uk/section/products-services/cyber-essentials).