With the government telling all of us to work from home wherever possible during the coronavirus pandemic, clearly many more people than usual will be performing their work remotely for the foreseeable future.
But while some firms may have long-standing plans for this, for others, it will be their first experience of widespread remote working, and they will be trying to figure it out as they go. Naturally, this will raise many questions and concerns, but one area that can’t be overlooked is IT Security.
With many businesses turning to new, untested tools much more quickly than would normally be the case, it may be easy for errors to slip in that increase firms’ exposure to cyber crime. At the same time, users may be accessing sensitive information on unsecured connections via personally-owned devices, which can greatly increase the chances of a data breach.
So what do firms need to be doing in order to ensure they can continue operating as normally as possible without compromising on their security or privacy obligations? Here are a few key things to keep in mind.
Get the right software tools
A key step in keeping homeworking secure is ensuring you have trustworthy solutions in place to manage your essential activities, from connecting to crucial business applications and data to running video conferencing services.
This is something that’s been emphasised recently with security concerns raised over video conferencing app Zoom. This service has seen a rise in popularity because it offers a free tier that allows multiple users to participate in calls, but it’s been plagued by claims of security and privacy vulnerabilities, with meetings able to be gatecrashed by uninvited guests and some experts describing it as little more than malware.
Therefore, if you are turning to videoconferencing to keep in touch during this period of remote working, it pays to do your research and make sure you opt for a tool that is built for business and puts privacy at the forefront. Microsoft Teams, for example, offers a range of security features, from two-factor authentication to ensuring only meeting hosts can admit new people to the conference and control who can present.
This is something that should extend to any new tools firms consider to assist with remote workers. For instance, consumer-grade cloud storage and file-sharing software may offer a convenient way for colleagues to keep collaborating, but it may well lack the robust security features of tools designed from the ground up for enterprise users.
Take control of your employees’ devices
Homeworking may also see employees looking to use a wide variety of devices to access their firm’s data and applications. While many may use a company-owned laptop, others may also use personally-owned PCs or even mobile devices, which will require close management to ensure they are not compromised by malware or other issues picked up by outside of the company’s control.
Using Mobile Device Management (MDM) software is therefore essential to control workers’ activities and ensure they are not accessing potentially harmful websites or applications. This can enable businesses to set restrictions on what content can be accessed and block unsecure network connections.
While VPN use is also expected to rise as a result of home-working, this does have its drawbacks and should not be treated as an answer to firms’ security and privacy concerns. As well as potential issues such as slowing down your connection, these tools can actually be exploited by hackers. For instance, if someone is able to infiltrate a user’s home PC, they can use a VPN to then gain direct access to your firm’s network, so these solutions should be viewed with caution.
Elsewhere, the current situation could also see a rise in the use of removable media such as USB drives, as people look to transfer important files between devices, which can be an easily overlooked way for malware to enter a network. You can prevent this by restricting the use of USB drives to corporate-owned hardware, disabling the use of removable media in MDM settings, and using antivirus software.
The scams to be aware of
It’s also important to keep your staff mindful of the usual fraud and hacking attempts, which are likely to increase when people aren’t working from the safety of their office’s perimeter.
Phishing attempts may be particularly troublesome at the current time. As well as the expected set of scams offering cures and treatments that prey on people’s fears of the virus, this could pose opportunities for more targeted scams, known as spear phishing.
For example, if people are working from home and communicating with colleagues primarily via email, this could allow a scammer to send fake emails purporting to be from an individual’s boss asking them to do something they would normally discuss in person. These may be intended to trick the recipient into handing over login credentials or other sensitive data, or even instruct people to make financial transfers.
This is just one example of some of the scams, frauds and hacking attempts people may experience while working from home. Payment frauds such as requests to change bank details, or people claiming to be from HMRC or other government agencies may be common in these unusual times, with fraudsters relying on the fact people may be too busy to adequately authenticate requests.
Therefore, ensuring people have the right training and are able to spot suspicious emails quickly is vital in protecting your business’ information.
Making Home Working a success!
Follow these tips and you’ll be well on your way to making home working a success – not just in the current circumstances, but for years to come. However, if you’re still unsure, it pays to speak with a trusted, expert partner such as Arrow that can offer advice on how best to protect these activities. Click here to Contact Us.