The abrupt shift to working from home has affected around 60% of UK workers during the COVID-19 pandemic. This shift has been equally as abrupt for many firms’ cyber security policies, with the workforce now scattered, internal firewalls acting as a line of defence against cyber attacks are temporarily redundant.
Many cyber security measures have fallen behind in the shift to remote working, which can pose a large risk to a firm’s security if these measures are left unaddressed. In addition to this, remote working has created new opportunities for cyber criminals and can leave employees more vulnerable to these attacks due to unprotected networks, lack of remote working cyber security training and use of personal or family devices for work purposes.
Remote Working Cyber Security Risks
Due to the pace of the pandemic, many organisations have had little time to prepare or organise their cyber security policy for remote working, and, if they did have an existing plan in place, no time to test these policies for weak spots.
Some of the main cyber security risks posed by remote working often include, and can be exacerbated by;
Unprotected home networks: Working on an unprotected home wifi network or public wifi can create a significant security risk. Without a firewall separating your employees from the general public, others using the same network can gain access to your traffic and find a way to access your organisation’s information on that network.
Outdated software on personal devices: Cybercriminals tend to prey on individuals using outdated software which can often contain bugs or vulnerabilities that are usually fixed by subsequent updates. Unknowingly using a device running on out of date software, can leave your employees and your organisations’ information more vulnerable to exploitation by cyber criminals.
Lack of employee training on cyber security for remote working: Not providing adequate and specific training to employees on cyber security best practices when working from home can leave them more vulnerable to such attacks. If employees are not trained to identify potential threats or weaknesses in their home device’s security, they may continue to use these for work purposes and leave sensitive information vulnerable to exploitation.
Lack of perimeter-based firewall protection: Although it’s true that in many cases the endpoint is now the perimeter of the network, most firms still have sophisticated firewalls at the perimeter of their corporate network. For many, the move to remote working has reduced the effectiveness of those solutions and home networks won’t have the same level of protection.
‘Zoom-bombing’ attacks: Zoom is just one of the video conferencing that many firms have become reliant upon with the shift to homeworking. However, Zoom has come under fire recently due to ‘Zoom-bombing’ which involves attackers hijacking video meetings to spread malicious content or software.
Lack of centralised repository for saving data: In an office environment, information is often backed-up on a traditional server or automatically onto a cloud-based file system such as OneDrive or Egnyte. Remote working has created the need for all employees to have access to a Cloud-based file system to backup their data remotely. Not only will this ensure that data is protected by the Cloud system’s security measures, but it will also make information recovery easier in the event of a data breach or loss of a personal computer.
Protecting Your Business
Although the sudden shift to remote working has created some gaps in many firms’ cyber security policies, there are several steps that employers and employees can take to maintain robust cyber security while working remotely.
Consider migrating your business applications to the Cloud: Many Cloud applications now include sophisticated security features compliant with security regulations. Designed to keep any data stored on their servers safe, as well as provide a back-up of information in the event of loss or damage to a personal computer while working remotely.
Require your employees to connect to the internet via a VPN: VPNs (virtual private networks) work in a similar manner to a perimeter-based firewall. VPNs establish an encrypted connection over the internet, making it difficult for cyber criminals to intercept your data, find out your location or monitor your activity.
Invest in remote working cyber security training for your employees: With cyber attacks becoming more sophisticated, it is important to keep employees up to date with the latest trends in attacks so they can more easily identify and avoid them where possible. Train your employees how to identify Phishing attacks and domain hijacking, and also educate them on how to identify which software or plugins are safe to download.
Encourage the use of separate work and personal devices: Employees are more likely to run their personal devices on outdated software or have previously downloaded malicious software, unknowingly onto a personal computer. While this may not have previously posed a threat to your business, with many of us now relying on our personal devices for working from home, these issues can leave your data vulnerable to cyber criminals. Consider instead supplying employees with work devices such as laptops or mobile phones installed with up to date cyber security software.
Read our Remote Working Cyber Security Tips guide for more information on how you can protect your business from cyber-attacks.
Organisations are facing unprecedented challenges in shifting to remote working. Not only for business processes but also for cyber security. Although the shift to working from home was sudden, and consequently left many organisations vulnerable to cyber attacks unintentionally, there is a lot that can be done to protect your sensitive information while working remotely.
At Tribeca, we specialise in providing robust cyber security solutions and services to organisations in the financial and alternative investment sectors. Our services include end-user training programmes and ongoing vulnerability scanning with the latest technology in cyber security. For more information on protecting your business with the help of an IT Managed Services provider such as Tribeca Technology, contact our team today to discuss your business’s cyber security needs.