How to Improve Cyber Security When Working from Home
From unstable Wi-Fi connections to attention-seeking pets, remote working poses several challenges for employees and employers alike. However, none of these issues is as important as cyber security when working from home. With the rise of remote working options, the number of cyber-attacks has increased significantly. According to a recent study, businesses suffered 50% more cyber-attack attempts per week in 2021.
Even more alarmingly, incidents caused directly by insider threats have increased by 47%. So, how can you prevent your remote employees from posing a risk to your company? We’ll answer that question with another question. Are your remote employees as secure as they would be in the office? If the answer is no, be ready to make some changes to your cyber security strategy.
Because the biggest threat always comes from the inside, you need to ensure that remote employees are just as safe as in the office. Read on as we break down how to do exactly that.
Always use a VPN
As cosy as working from home can be, sometimes employees just want to go to the nearest café or library to do a couple of hours of work. Getting out of the house and working in a public space is great for mental health. As it turns out, it’s not that good for keeping private data away from prying eyes. Hackers love public Wi-Fi networks because they allow them to position themselves between a connection point and an end user.
Is there any way of avoiding this? Yes, there is – and it’s not banning your employees from ever setting foot in a coffee shop. Enter Virtual Private Networks (VPNs) – A VPN encrypts connections between a device and a network to securely protect your data. Often used by private users to get around geographically restricted websites, VPNs are also great at protecting employees from potential cyber security threats.
By providing secure and remote access to a network, VPNs can prevent network attacks and limit access to file stores or databases. VPNs can also prevent applications or websites from keeping track of your online activity. Even better, they can encrypt sensitive information such as access details or bank account numbers.
And there is one extra perk to VPNs that shouldn’t be overlooked. Employers can also use them to filter a user’s network traffic, blocking access to social media websites or streaming services.
Enable two-factor authentication
Two-factor authentication (or 2FA) works by requiring end-users to enter an additional log in credential beyond their username and password. This is an easy and effective way of providing an extra layer of security – and one that should be adopted by all companies embracing remote work. Even the weakest password becomes safe when paired with two-factor authentication.
Cyber criminals are always on the lookout for log-in credentials to access private networks and steal sensitive information. By granting access to a system only after presenting two or more pieces of evidence of identity, 2FA offers protection from unauthorised access. A password plus an authenticator app (such as Microsoft’s) is one of the most common 2FA combinations for companies.
Have separate work and personal devices
With working from home becoming common practice, employees are relying more and more on their personal devices. In fact, a recent survey found that most devices connecting to corporate networks are personal and not professional. The name given to this practice is BYOD (Bring Your Own Device), and it’s become such a phenomenon that even the UK government has published guidance on the matter.
There are several reasons why BYOD can be extremely dangerous. For instance, the employee’s software might be outdated, making their system more vulnerable. And because system administrators might not have access to an employee’s personal device, this can go completely undetected. On top of that, data in private devices is unlikely to be encrypted, leading to the easy spread of sensitive information.
Having separate devices will reduce the chances of sensitive data being transmitted to personal accounts. It can also provide some helpful separation between professional and private mindsets, helping staff to maintain a healthy work-life balance.
If you don’t have the budget to provide work devices to every member of staff, don’t worry. There are still certain things you can do to prevent their personal devices from becoming a magnet for cyber criminals. To start with, make sure your staff always use a VPN – as above. This will encrypt data and add a much-needed extra layer of security to their devices. You should also establish a baseline of minimum required security controls for personal devices – such as 2FA or SSL certificates.
Invest in training
Would you assign a project to an employee who hasn’t been properly trained in that specific area? Probably not. Similarly, it is unfair to expect your staff to know the ins and outs of cyber security without proper training. All employees working from home should receive security guidance explaining how to do their work safely and effectively.
Because home-working usually means working without supervision, employers need to pay particular attention to cyber security training. From phishing to man-in-the-middle attacks, hackers will always target the least cyber-savvy employees to get their hands on sensitive information. In fact, a report from the UK’s Information Commissioner’s Office found that 90% of all data breaches were the result of internal mistakes.
Never leave your employees in the dark. Establishing solid security protocols involves a wide range of different tasks – from accessing company files via a VPN to learning how to spot a potential phishing email. Before allowing your employees to work from home, make sure they have received proper training and know all the security guidelines of remote working.
If you don’t have an in-house IT expert to do the training, don’t worry. These days, many companies offer cyber security awareness training courses that focus specifically on the dangers of remote working. Without a doubt, the best thing about awareness training is that it allows you to see how your employees would react to a real cyber-attack. By simulating company-wide phishing attacks, you can track and improve your staff’s reaction to cyber security threats.
Let us help you
If you really want to improve your company’s security, it’s imperative that you manage threats proactively. Start creating your cyber security strategy today with the help of our team of security experts. From fully managed SIEM and firewalls to penetration and vulnerability testing, CyberGuard has all the right tools to keep your remote workers safe.