Cyber security risks for the remote worker

Remote working, and the technology that enables it, has been a godsend for many businesses in the past few months. The coronavirus has enforced an experiment in working from home that has opened up new possibilities for companies and their employees, and as a result, remote working is here to stay.  

But while a home-based workforce can help limit the spread of the virus, it may also introduce risks of a different kind. Increased reliance on the cloud for communication and storage can make businesses more vulnerable to cyber attacks. At the same time, the protections that the traditional office environment afforded employees, such as firewalls and blacklisted IP addresses, may not be in place in a home office setting.  

Here are some of the main risks that a business employing remote workers should be aware of. 

Lack of remote working policy  

If you’ve never had a remote workforce before, you might not have any documented policies about the dos and don’ts. But going forward, it’s essential that everyone’s on the same page. Take the time to create a policy for your team which includes clear rules covering everything from the passwords they use to the way their devices are stored. Try to involve employees in the creation of the policy by asking for feedback on issues they need clarity on, and making sure everyone knows how vital these rules will be for the security of the business. 

Remote employees using their own devices 

Lots of people have worked through lockdown using their personal home computers or tablets. For some, it was the only option: the enforced home working took many of us by surprise and there was no time to supply an alternative. But in the long term, using personal devices to do company work is a big no-no. Instead, each remote worker would ideally be issued with a laptop, tablet or mobile that’s to be used exclusively by them whilst working from home. 

Forking out for devices for every employee may seem expensive, but the price you pay for a data breach could be a lot higher. Think about it: if employees aren’t using company-owned devices, things like antivirus software, application updates and secure authentication are completely outside of your control. How do you monitor who’s accessing sensitive data if it’s stored on a private machine that might be shared with others? If you want to protect your data going forward, now’s the time to formalise your remote working procedures with company devices for all. 

Weak login credentials 

Working from home means logging in remotely. Every time someone uses data in the cloud, there’s an increased security risk – however small – which means it’s extra important to use unique, strong passwords that are kept private and not re-used: poorly-formulated login credentials could be easily exploited by hackers. Using tools like LastPass can help ensure that passwords are strong, and that they’re stored securely.  

Vulnerability of home networks and broadband  

How secure is your home broadband connection? Unlike broadband for business, home connections often have weaker security protocols, because they’re not designed to protect business data. If you’re not sure, you can always give us a call to talk it through. We can help you with your cyber security needs and provide expert advice and tools to combat risk. 

Reliance on cloud-based tools 

Zoom, Slack and other cloud-based apps can be invaluable when connecting and collaborating with a remote workforce, but with any cloud-based technology, it’s important to consider the security implications. Take the time to evaluate the risks you’re taking whenever you select a cloud-based tool for your business. You might decide that the risk is acceptable in some scenarios but not others – for example, it’s OK for a Friday afternoon social get-together but not for a confidential client meeting. Or you might say that everyone needs to customise their settings to the highest level of security. For example, on Zoom you could disable the file-sharing option, to stop the spread of malware.  

GDPR breaches 

Working in an office, GDPR policies are usually simple. There’s filing space for confidential paper files, and the personal data revealed in a phone call isn’t likely to be overheard. But for remote workers, you need to make more effort to secure your client data. All the little things that might seem inconsequential – like working from a café or sharing a workspace with family members – could, in fact, put you in breach of GDPR regulations.

Put policies in place to make sure that confidential conversations can’t be eavesdropped, private data isn’t visible on a video call, and a lost laptop can’t be accessed by prying eyes. For those using BYOD (Bring Your Own Device), consider utilising Mobile Device Management (MDM) tools to remotely access any lost or stolen devices and remove and wipe any sensitive data. 

Phishing scams 

Phishing has always been a problem, but it may become more of an issue in this age of coronavirus. Unlike many cyber security risks, this one isn’t based on technology. Instead, it preys on human error and vulnerability. 

In a phishing scam, crooks exploit someone’s fear or curiosity to get them to reveal their personal data. This may be more likely to happen if employees are working alone, and especially now that there’s so much important legitimate messaging going on with things like contact tracing and HMRC grants. The global move towards remote working amid lockdown scenarios means that there has been a spike in virtual interactions – and the phishers have moved in for the kill. As such, it’s really important that everyone in your organisation gets proper training to differentiate a legitimate message from a scam. 

Need help with cyber security? 

One of the best ways you can protect your company data is to get help from the professionals. At Croft, we’re old hands at remote working – so we can listen to your needs and advise you on the right technology. Get in touch with our expert team for invaluable advice, or get a free quote on any remote working equipment your business may be lacking.