During the first lockdown, our priority was to quickly facilitate working from home and keep business moving. We did this astonishingly well. However, in the rush to get remote workers up and running, managing cybersecurity risks took a back seat.
Working from home has created opportunity for cyber criminals. Their aim; to take advantage of new weaknesses in business’ security defences. The National Security Cyber Centre (NSCC) reports that one in four cybers attacks they dealt with over the past 12 months have been COVID19 related.
The coronavirus pandemic has placed our businesses under huge pressure. A cyber-attack could prove to be detrimental to your business while employees are remote working. As we enter a second lockdown, you should make cybersecurity your top priority. Here are 9 steps to manage remote working, cybersecurity risks:
1. Virtual Private Network (VPN)
If you haven’t already, set up a Virtual Private Network (VPN) to enable home workers to securely access your organisation’s IT resources.
Ensure your VPN is fully patched. You may need extra capacity, licenses or bandwidth to support more home workers.
Update your password policy and implement two-factor authentication (2FA) wherever possible.
3. Secure devices
Keep laptops in a secure place (and definitely not left in a car/car boot). Devices are more likely to be lost or stolen while remote working.
4. Encrypt data
Encrypt data on devices when they are not being used to prevent unauthorised access to data, even if a device is stolen. Encryption is built into most modern devices but it may need to be turned on and configured.
5. Mobile Device Management (MDM)
Set up a standard configuration for devices, using Mobile Device Management (MDM) software. You can lock devices and erase data remotely using a MDM tool.
6. Report problems and lost or stolen devices
Create a process to report problems or raise support calls. Ensure employees know what to do if a device is lost or stolen. Who should they call? Encourage users to report any losses at the earliest opportunity.
7. Keep up to date
Train employees to keep software and devices up-to-date.
8. USB and removable media
USB drives can contain sensitive data, can be easily lost and introduce malware into your networks. To lower these risks:
Disable their use using Mobile Device Management (MDM) settings
Use antivirus software
Encrypt data held on the removable media
Use file transfer methods (such as online tools DropBox and MailBigFile)
9. Test your back-up
Regularly test your data back-up, in order that you can reliably retrieve data from your archive.
If you’re looking to make your business cyber safe, remember to lean on an expert and ask lots of questions. Discover what cyber security best practice looks like for an SME: