Back in 2015, research from the UK’s Office of National Statistics (ONS) suggested that 4.2 million people, from a wide range of sectors and business types across the UK, were working from home. They predicted that by 2020, around half of us would be working remotely, especially as many of us could do so wherever we could access WiFi. But now, thanks to the Covid-19 pandemic, the number of us working from home is set to rocket as the government seeks to slow the spread of the virus. So this blog post offers security tips to ensure safe remote working for your people in response to the coronavirus outbreak.
This matters because although working outside the office – whether that’s from home or the local coffee shop – delivers many business benefits, it can put the security of your people, technology, data, IP, confidential customer information, indeed the wellbeing of your whole enterprise, at risk.
Read on to discover 18 remote working security tips for your team, so they can focus on their jobs and maintain security precautions when working remotely, and so you can run your small to medium-sized business with complete peace of mind during the Coronavirus pandemic.
Remote working security from a wide range of online threats
When you consider your response to Coronavirus, it’s important to help your team secure their remote devices and recognise potential security threats, so here are 18 remote working security tips for your employees. But you also have to be aware of three broad threats to the safety and security of everything from the technology to your data. These include:
Unsecured WiFi networks
While most of your people will be working from home where they can secure their WiFi, others may have to use unsecured public networks, libraries or coffee shops. These are prime spots for cybercriminals to spy on online traffic and collect confidential information.
Using personal devices and networks
When your people use their own technology (laptops, tablets and USB drives, for example) and home network, it’s unlikely these will have the defences you rely on back at the office, such as antivirus software, firewalls, and automatic data backup. So the risk of malware finding its way onto these devices and possibly into your business network is increased, as is the danger of work-related information being leaked.
Remote worker scams
Rackets and rip-offs targeting home workers – ranging from phishing to work-from-home scams – are common and are likely to increase in number as cybercriminals realise how many more of us are working remotely.
With the right know-how, support and security tools your people can work remotely and safely
Not every organisation was prepared for this scenario, so here are 18 security tips to help you and your employees recognise potential security threats.
1. Ensure it’s fast and simple for your people to get started
Your remote team may need to set up devices and connect to important services (such as your business e-mail and internal applications) without having access to your in-house or outsourced IT specialists. Look for products (security and otherwise) that offer a Self Service Portal (SSP) that allows users to do things for themselves.
2. Install patches and latest versions to keep devices and systems secure
We all know installing patches and updating to the latest versions is a bit of a pain but please be certain all your devices, operating systems and software applications are up to date (you can even run these overnight so you don’t lose valuable working time). All too often malware breaches are the result of an unpatched weakness or unprotected device.
3. Encrypt everything wherever possible
Devices and communications that aren’t encrypted are particularly vulnerable, especially from the risk of kit being lost, left behind or stolen. Note that most devices include native encryption tools such as BitLocker, and communications tools like WhatsApp offer end-to-end encryption, so be sure to use them. There are even specialised encrypted e-mail providers you could consider, too.
4. Create a secure connection with a VPN
A Virtual Private Network (VPN) ensures that all data transferred between your employees in their homes and your IT infrastructure and office network is encrypted and protected as it travels between the two places. If you need to perform bandwidth-hungry tasks such as holding video conference calls or shifting huge amounts of data, you need a VPN that’s fast, available and reliable.
5. Scan and secure e-mail to avoid phishing scams
The fact that more of us will be working from home is not going to be lost on the cybercriminal underworld. They will expect an increase in e-mail as work colleagues can no longer talk in person, and their phishing and scam attacks will increase accordingly. Ensure your e-mail protection is up to date and raise awareness of phishing: no one should click on, open or download anything that looks even remotely suspicious. They should always check first.
And it’s not just phishing e-mails to worry about. There’s phishing by voice-mail (vishing) and text messages (smishing) that are also used by cybercriminals to steal personal information or gain access to your company accounts.
Some ways to spot phishing e-mails:
- the sender’s e-mail address has spelling errors
- poor grammar in the subject line and the body copy
- style errors which point to a non-English speaker
- the lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates)
- misspelled domain names
- no ‘About’ page or contact information.
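The "misspelled domain" and "spelling errors in the sender's address" checks from the list above can be automated for incoming mail. The following is an added example, not part of the original post; the trusted-domain list and the sample addresses in the usage are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: domains your organisation really exchanges mail with (constructed).
TRUSTED_DOMAINS = {"example.com", "example-bank.co.uk"}

# Character swaps that look alike at a glance in a misspelled domain.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def normalise(domain: str) -> str:
    """Fold Unicode compatibility forms (e.g. fullwidth letters), lower-case,
    and collapse the lookalike pairs above. Does not decode punycode/IDN."""
    d = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    for fake, real in LOOKALIKES:
        d = d.replace(fake, real)
    return d


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header.
    Only the address is inspected; the display name is ignored."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if (normalise(domain) == normalise(trusted)
                or edit_distance(domain, trusted) <= 2):
            return f"lookalike:{trusted}"
    return "unknown"


if __name__ == "__main__":
    for header in ("Accounts <billing@example.com>",
                   "IT Support <help@exarnple.com>",
                   "news@unrelated.org"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is a reason to quarantine or warn, while "unknown" only means the sender is not on your list.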
6. Enable web filtering
By applying web filtering rules on your devices you can make sure that your people only access appropriate ‘work-related’ content, while you also protect them from malicious websites.
7. Back up using cloud storage for files and data
Valuable data can be lost or compromised in countless ways, from human error and physical damage to a cyberattack and ransomware or other types of malware that can lock up or wipe out entire systems.
Cloud storage enables your people to still access their data if their device fails while working remotely and offers great flexibility and customisation. Just make sure your cloud is protected with authentication (better still, multi-factor authentication – see later) so only the right people can access it. Also, remember to delete obsolete data and files.
8. Control the use of mobile devices, removable storage, and other peripherals
With your team working from home it’s bound to increase the chances that they will connect insecure and mobile devices to your business network. But did you know that, according to recent research by Trend Micro, device loss accounts for 41% of all data breaches while 14% of cyber threats get in via USBs/external drives? So we recommend you use device control within your endpoint management solution to mitigate this risk and be ready to locate and lock or wipe technology if you need to.
9. Lock devices – especially when out and about
As an addendum to our advice in point 8 above, if your people do have to work in public spaces from time to time (or if they just want to keep information confidential whilst at home), then it’s vitally important that they keep their device secure. Password or passcode-locking a device will not only prevent information being read or stolen, it usually encrypts contents until someone enters the correct password or passcode.
10. Discourage ‘Shadow IT’ solutions
If you have a number of people working from home, it’s likely they won’t have access to your in-house or outsourced IT professionals and in that situation Shadow IT – where non-IT staff find their own ways of solving issues without the approval of you or your IT team – can often come into play. These can cause all sorts of problems, such as compromising security.
11. Have your people secure their home routers
If your people haven’t changed their router passwords from when they were first installed, their home network is vulnerable and it is easier for malicious parties to access.
Have your team change their router passwords and ensure all firmware updates are installed so that security vulnerabilities are patched. Their router’s encryption should be set to WPA2 or WPA3 and they should switch off WPS. Their home Internet Services Provider (ISP) will be able to provide more information on this subject.
12. Establish and demand password best practice
Whether your team are working in the office or at home, security 101 is that all accounts, applications, and devices are secured with strong passwords. Unfortunately, many of us use the same password in many places, which means that all it takes is one compromised password for a cybercriminal to gain free rein to so much else via a tactic called credential stuffing.
Passwords should be unique for every account and should not be shared; each should comprise a long string of upper and lower case letters, numbers and special characters. To enable everyone to create new passwords and control and remember existing ones, a password manager is a really useful investment.
13. Go beyond password security with two-factor authentication
Sometimes you have to go further than just having strong passwords. In which case, go for two-factor authentication (2FA) or two-step verification (2SV), both of which involve an additional step to add an extra layer of protection to make sure only your people access the systems, applications, devices, and information they should.
It needn’t be complicated: the extra step could be a simple e-mail or text message confirmation, a biometric method such as facial recognition or fingerprint scan, or a physical option such as a USB fob.
14. Install firewalls
Firewalls give you a first line of defence, a barrier between your devices and the Internet, by closing ports to communication. This helps to prevent malicious programs entering into, and stops data leaking out from, your devices.
Usually a device’s operating system will have a built-in firewall, as will hardware like a home router – you just have to be sure these tools are enabled.
15. Install antivirus software
You have to assume that a threat will eventually breach your firewalls, so investing in proven and appropriate antivirus software is always money well spent. Think of this as your second line of defence. Antivirus software will detect and block known malware and may even be able to remove it.
16. Be careful with remote desktop tools
To enable your people to access their work via your business networks, it’s possible you’ll use Remote Desktop Protocols (RDPs). While these can be secure, there have been some concerns with tools, so it pays to choose yours carefully.
17. Work-from-home scams
These are legion and are likely to increase as more of us work from home during the Coronavirus crisis. They can range from targeted phishing attacks to those work-from-home schemes that typically require personal information or upfront payment before you can start!
Nobody should ever share personal information with, or make a payment of any kind to, any individual or organisation they haven’t thoroughly researched and are completely confident in.
Do warn your people about some of the sophisticated multi-level-marketing (MLM) scams out there. These are often well-disguised as credible, legitimate and attractive work-from-home opportunities.
18. Resources and reporting
Make sure your remote working team have clear and easy-to-use resources, such as a central point to go to if they have any questions or concerns, or want to report suspicious activity or a security breach. An easy-to-remember e-mail address or phone number is a good place to start.
Please do foster an environment where honesty and sharing are encouraged, so no one tries to cover up an error only to make a risky situation worse.
Here to help you during this difficult time
If you run a small to medium-sized business in London, you’ve already got plenty to think about when it comes to your response to the Coronavirus pandemic.
As the go-to IT support team for London when it comes to cybersecurity technology and consultancy, we’re here and happy to help you through this difficult time with best-fit, best-in-class cybersecurity solutions for remote workers. So please don’t hesitate to call us for a confidential, no-obligation chat about your requirements.
A word from Luis Navarro (Co-founder of totality services)
I hope everyone is well and healthy. The COVID-19 crisis has made me realise how much I have taken health for granted – we are so preoccupied with our hectic life, work and family matters that our health seems less important than many of the daily things we have to do. My perspective has definitely changed now.
I have been trying to preserve some sense of normality and routine, and that has been very important to me during this time. I wake up very early every day (5:30am) and go for long walks in London to specific landmarks or areas. Please see below for some photos I’ve taken on my journeys – they include Craven Cottage (Fulham FC), St. James’s Park and Albert Bridge.