Work From Home
In recent years, many workplaces have strived to create a better work-life balance for their employees, including remote and flexible working hours. This process has been slow and arduous, partly because of the security risks involved. However the last two years have forced an accelerated leap to remote working in virtually all sectors.
This process contained vulnerabilities that cybercriminals were ready to exploit.
Are you or your staff set up to ensure that you stay compliant?
Are you able to manage your team to check that they are working from home
Cypro can help you set up policies and processes to keep your remote staff secure while working from home
How to keep safe with remote staff
Employees who work from home can protect their personal and company information by following remote work security best practices. Some of the Security best practices for employees working from home. There are more that can be discussed as every business will have different systems and requirements for the team to be working on.
Secure home networks
Home networks are inherently less secure than networks that employees connect to in an office. Wi-Fi routers come with a default password that is often relatively easy for hackers to crack.
Remote workers should set a unique password that they can easily change from the router’s configuration page by entering the router’s address, for example “192.168.1.1”, into their web browser. In this way, users can also change the network name – or service set identifier (SSID) – to make it more difficult for a hacker to identify and access the network. Home networks should also be strengthened with network encryption, which can be changed in the security settings on the router’s Wi-Fi configuration page.
Other measures to strengthen Wi-Fi include restricting access to certain MAC addresses (Media Access Control). In addition, the router should always be running the latest firmware version available.
Use antivirus software
Antivirus software helps combat threats by automatically detecting, identifying and preventing viruses, phishing scams, malware and other attacks.
In addition workers should use internet security software such as cloud backup products, identity theft protection, password managers, secure web browsers and VPNs to protect their devices.
Use strong and secure passwords
Each account should have a unique password that has not been used for any other service, is at least 12 characters long and witha combination of letters, numbers and special characters.
A password manager is recommended so that stronger and more unique passwords for their numerous accounts can be remembered.
Two Factor Authorisation
Using passwords alone is no longer enough. Passwords can be cumbersome and the temptation to use easily remembered passwords or have them shared is always a risk. 2 Factor authorization is now more and more common with many software and programs having it as mandatory.
A large proportion of cyber-attacks occur via email. Workplaces have strict email protocols that prevent spam and suspicious attachments and even some email address types from being opened by staff.
Employees at home may not have this level of security as well as using personal computers and equipment. A recommended step is to only access email accounts through a VPN that encrypts connections, devices and user data in transit.
All remote staff must remain vigilant to recognise phishing emails and avoiding links and attachments in messages. Regular training to help staff recognise these phishing emails is important. Cypro can help you with your ongoing staff training.
Data Loss Protection
Working remotely increases the risk of data loss or theft during cyber attacks. Data loss prevention (DLP) tools enable organisations to detect and prevent data breaches, accidental data disclosure and malicious theft. They prevent unauthorised persons from accessing sensitive data, which is essential for internal security and compliance with increasingly stringent data protection regulations.
User behaviour analysis (UBA)
With employees working remotely, it is more important than ever for businesses to understand what they are doing when online.
UBA can monitor the frequency with which users perform certain tasks and looks for usage patterns that may indicate suspicious or malicious behaviour.
It converts data into cipher text that can only be read or decrypted by the sender and recipient. Encryption also helps companies ensure the authenticity and integrity of data, as it can prove that the data has not been altered in its original state..