But while working from home has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. That’s why it is essential for businesses to give serious consideration to the new range of risks they face.
In this article we summarise a recent report, ‘Cybersecurity and the hybrid workplace’, published by the Praxity Alliance with contributions from our Head of IT, Tom Gardner.
Key threats
At the most basic level, the threat of cybercrime can be introduced through an easy-to-hack password, an unsafe link, or a cleverly worded email that induces individuals to reveal personal information.
Some of the key threats for businesses with remote workers include:
- Phishing emails to gain access to resources via impersonating legitimate users
- Malware attacks to disrupt, damage or gain unauthorised access to systems
- Ransom demands via unauthorised encryption of data using ransomware
- Public data transit allowing business data to be exposed from transmission across insecure points or methods
- Lack of device oversight primarily linked to laptops travelling with data, but also affecting other mediums such as printers and cameras
- Use of personal devices to conduct business and store information – out of sight, out of mind, out of control!
- Shared documents in the ‘cloud’ can increase vulnerabilities. Data must be secure at rest in addition to during transmission.
As cybercrime becomes increasingly sophisticated, businesses large and small require much broader cybersecurity strategies to identify and shore up weak points in their operations, support supply chains, and keep disruption to a minimum in the event of a major attack.
Top tips for businesses with remote workers
- Make sure your remote staff are encrypting their data: The first step to protecting your business data is to ensure that it is all encrypted during transit, and at rest if held in a public resource, so that even if malicious actors get to the data, it is useless to them without the correct authentication.
- Keep software up to date with the latest versions: Hacking tools are constantly evolving, so it is good practice to have full patch control across devices to ensure antivirus updates and system hotfixes are applied in a timely manner.
- Ensure strong passwords and login protocols: Secure your systems using strong passwords and invest in tools such as EDR (endpoint detection and response), MFA (multi-factor authentication) and reputable anti-virus software. Security methodologies are moving away from username and password-based authentication to multi-factor authentication, including biometrics, facial recognition and conditional access policies. Combining this with Single Sign-On (SSO) based authentication for authorised apps gives you a very robust single point of authentication for your user, which can automatically grant access to all the cloud-based applications they require from that one authenticated login session.
- Train, test and keep cybersecurity ‘top of mind’ across your team: Ongoing employee training is essential. Security incidents are often caused by human error, and remote workers may not have the same level of IT assistance as their office-based colleagues. It is important that employees are aware of security protocols, such as how to spot and prevent phishing attacks and social engineering tactics. You can test this by running a business assessment using mock phishing emails to see how they fare. Ensure your employees have a supportive knowledge-base framework to improve their understanding, and that they appreciate the financial and reputational damage that being lax in this regard could cause the business.
- Have a backup plan in place: In this day and age, we must recognise that cyber threats are a real concern for all businesses, regardless of their cybersecurity efforts. Having a plan of action and a backup restoration process in place therefore means that you will be fast moving should the worst happen. A long-held IT adage is that there should be 3 copies of any key data: the original, a backup physically local to the origin, and an offsite copy.
What should your cybersecurity strategy look like?
It can be challenging to know where to begin to protect your business from cyber-crime and cyber-attacks. However, the key takeaway from Praxity’s ‘Cybersecurity and the hybrid workplace’ report is that there isn’t a ‘one size fits all’ approach. Businesses need to develop comprehensive and flexible cybersecurity strategies to meet their cybersecurity needs of today, as well as the risks they will likely face in the future.
Even if sufficient IT resources are present in-house, getting a third-party IT security assessment can be highly valuable to illuminate any oversights, or to develop an IT roadmap if one is not yet in place.
“This is a fast-moving environment and new cyber threats are emerging all the time, so businesses need to be flexible, agile and fast moving to implement new cyber security measures where and when they are needed. Cybersecurity is about more than just patching, and needs to be featured at the very top of your business strategy. Put simply, businesses cannot afford to be slow to respond or fail to invest in this area, else they may not see the threat until it is too late.” Tom Gardner, Head of IT, Rouse Partners
You can view and download the full ‘Cybersecurity and the hybrid workplace’ report via Praxity.com.