With the coronavirus pandemic in full swing, more and more businesses are making the switch to working remotely. This brings about new challenges, particularly when it comes to cyber security.
Small and medium sized enterprises are having to deal with a wealth of new problems that working remotely brings; everything from insecure home-networks, staff using personal devices, sharing of sensitive information over the cloud, complying with legal guidelines and using shared family computers for work.
SME’s have had to quickly adapt to this new way of working and in the meantime, cybersecurity can easily be overlooked. However, teams working remote can be one of the biggest risks in cyber security. Cyber threats are often underestimated, and it is easy to forget the risk whilst working from your kitchen table.
Staff need to be aware that the same cyber security measures are just as important when working from home as they are in the office.
Hackers and cybercriminals are taking advantage of the vulnerabilities that have arisen from working remotely, so it is vital that employers and staff are all aware of the risks and ensure safe cyber security measures are being put in place, when working from home.
Here are 11 cyber security tips for SME’s working remotely:
Use company devices
Use a company owned laptop or device that is properly secured to reduce the risk of data breaches when managing sensitive information and data online. This is a far better way of safeguarding than employees using a variety of personal devices which could have outdated software and security measures.
If you are running an SME and simply do not have the means to provide every member of staff with their own device, then think about employing a secure remote desktop service. Providing employees laptops have the adequate amount of protection, this solution means all of the data will be stored on the office device and staff members personal devices are merely acting as a display.
Install internet security at home
If employees are using personal devices whilst working remotely then it is a good idea for them to install internet security at home. The usual home internet security antivirus software may be too basic for staff working for home. It is important that all home computers are just as secure as those in the office.
Be aware of common scams
It is important to know what the most common cyber security scams are, so you know what to watch out for. Small and medium sized enterprises can be in a particularly vulnerable position if they are not aware of the threats to their organisations. Being aware of how such threats work, for example spear phishing attacks, increases the likelihood that you will spot the threat before it is too late.
Ensure the safety of your devices
We are not just talking about internet safety here; you also need to make sure your devices are physically safe and not being put in a position where they could be easily stolen. Whilst most of this is pure common sense, it is also just as easy to get lapse with our judgement, particularly if we are not used to working from home, and in a more relaxed environment. Those of you who have young children need to be particularly vigilant that your work computer does not fall into the wrong hands! Devices should automatically lock if you are not using them, and ensure they are not left on when out of the room, especially if there are kids around. Preferably when leaving the house, any devices with sensitive work-related information on should be secure in a locked room.
Avoid using USB thumb drives
Portable storage devices should be avoided if possible. If a member of staff saves confidential and sensitive information to a USB thumb drive, and then looses it, the chances are there for anyone to pick it up- and you certainly don’t want that information falling into the wrong hands. On another note, USB drives have been known to have been placed by hackers near the place they are trying to attack, in an attempt for colleagues to pick up the drives and plug them into staff computers to find disruptive malware which will lock their system. Shockingly, this happens more than you might think.
Use secure VPN’s
Virtual private network’s (VPN’s) allow a secure and encrypted communication between a device and a remote network. This is an excellent way to secure private information being compromised if a hacker is stealing data from public Wi-Fi services or attempting to attack an unprotected private home network. When choosing a VPN ensure that your data is properly secure and will not be passed on to a third party.
Two factor authentications (2FA)
Two factor authentication (2FA) provides an extra level of protection when logging in to secure networks. You may need to provide a username and password, and then again, another method of identity such as a code from a SMS message. This means that if a hacker gains access to your password, they still will not be able to login using your credentials, as they do not have access to your phone.
All company data should be regularly backed (preferably a double backup) and stored in an offline location. This is a vital way of protecting data in case of a ransomware attack. In such an attack, the hackers will steal your data and demand a ransom in order to get it back. If you are running a small enterprise, you may not have the funds for the ransom and may be at risk of loosing important data.
All your networks should have a firewall installed to protect your computer from potentially harmful sites. Firewalls are essentially filter’s, they control all the information coming in from other sites and computers, allowing some communication through and restrict what it believes to be harmful threats. At Cube Cyber we have next generation firewall services that can help you block threats and reduce costs.
Keep updated and patch systems
Old and outdated software has vulnerabilities that hackers can easily use to get into your computer. All operating systems need to be regularly patched and updated to help keep your business secure. Hackers will always find weak points in devices and networks using outdated software, so it is important that systems are updated as soon as a new update comes out, or better yet install auto updates.
Get the right training
The weakest link in cyber security is usually the human factor. People make mistakes, even the smartest amongst us will occasionally click on a dodgy link after being fooled into think it was something else. Good training on cyber security is essential for the safeguarding of company information. Staff members need to be aware of phishing attacks and what to look for in a spammy email, which can look incredibly realistic at times. Regular training sessions and keeping staff up to date on the latest cyber threats will reduce the risk of someone unknowingly giving away sensitive company information.
Using these cyber security tips should help to implement good protection measures across your company. If you found this article useful, then give it a share and let us help spread good cyber awareness across the board.