The majority of UK-based workers have had to adapt to working from home over the last few months. According to the Office for National Statistics in April 2020, 86% of us were working remotely due to the Coronavirus pandemic. This dramatic shift in working styles has posed many challenges for businesses and employees alike and has exacerbated issues of cyber security. This threat has been of particular concern for organisations in the financial services sector, which are often the primary target for cyber criminals.
Remote working could be here to stay, at least for a little while longer, and it is paramount that firms adapt their cybersecurity policies accordingly to account for this change. There are, however, some best practices for employers and employees alike that can help to mitigate the cyber security risks of remote working.
Security Risks Posed by Remote Working
Any organisation, even one that has been swift to adapt its remote working security policies to accommodate changing work patterns, can succumb to cyber security attacks if its protocols are not followed correctly. Some of the primary threats to organisations’ cyber security during the course of the pandemic include:
Rise of ‘Zoom-bombing’: ‘Zoom bombing’ attacks involve cyber criminals hijacking video meetings to intercept information or spread malicious content. These types of attacks are not limited just to Zoom’s platform and can occur on other video conferencing software.
Employees using personal devices for work: Personal devices such as laptops or tablets are more vulnerable to interception by cyber criminals. Often, antivirus software is not installed or not updated as frequently on personal devices, creating weak spots that cyber criminals can exploit.
No centralised data repository: A centralised data repository, now commonly a Cloud computing solution, works to back up data and make it easier to retrieve should an employee’s device fall victim to a cyber attack. Without one, bouncing back from an attack and assessing the extent of an information breach can be more challenging.
If these cyber security threats and risks are left unaddressed, they can leave your clients’ and business’s data vulnerable to cyber attacks, which can cause widespread disruption throughout your business, compromise relationships with your clients, and damage your business reputation.
Read our Remote Working Cyber Security post for more information on the potential cyber security risks of remote working for your organisation.
Top Security Tips for Remote Workers
There is plenty that employers and employees can do to help protect your business’s sensitive information from cyber attacks. Here are our top remote working security tips for protecting your business and your clients.
1) Use a VPN: A virtual private network (VPN) works in a similar way to a perimeter-based firewall to encrypt and protect your employees’ network use. Establishing a secured and encrypted connection to the internet makes it more challenging for cyber criminals to intercept information or monitor your activity.
2) Secure your home Wi-Fi connection: If your organisation is not interested in investing in a VPN host, you can still secure your home Wi-Fi connection to prevent cyber criminals from monitoring your activity or accessing your data. This can be as simple as creating a strong and unique password and changing it at regular intervals, or enabling network encryption under your wireless configuration settings.
3) Create strong passwords, and store them in an encrypted password manager: We are all often encouraged to create strong and unique passwords when creating accounts. But ensuring that we are able to do so and remember each one can present a risk of its own. Log-in credentials written down on paper are easily lost or intercepted. Using an encrypted password manager such as Keeper, LastPass or Dashlane will ensure that all of your passwords are stored safely and can encourage users to create stronger or more complex passwords, as they do not need to remember them.
4) Beware of phishing scams: According to HMRC, firms have seen a 73% increase in phishing emails between March and September 2020, as well as an increase in phone scams. While many email providers and cloud services have sophisticated software to detect phishing attacks, educating your employees on how to spot phishing emails or phone calls will create an additional line of defence.
5) Encrypt sensitive data in emails and other communications: When communicating internally or with a client, consider encrypting any data or sensitive information that you share. This can be done natively with many corporate email systems and should be encouraged across your organisation while working from home and within the office.
6) Use separate work and personal devices: Using separate devices for work and personal internet use will reduce the risk of exposing your sensitive information to cyber criminals should one of your devices be compromised.
7) Keep operating systems up to date on work devices: Software updates are usually designed to fix bugs or vulnerabilities within older software. These vulnerabilities in older versions of software can often be exploited by cyber criminals.
8) Enable automatic locking on your devices: Enable automatic locking on your device screens if you are inactive for a certain period of time. This can prevent an unauthorised user from accessing sensitive information on your device while you are away from the screen. Consider setting a locking timer for between 5 and 10 minutes of screen inactivity.
9) Use two-factor authentication: Two-factor authentication only allows access to your device or data once two pieces of evidence to authenticate your identity have been provided. This can help to reduce the risk of successful phishing emails or other breaches, as an attacker may be able to gain access to your password but still not be able to log in without a second piece of information.
Cyber security threats are faced by employees and organisations across all sectors. Many of these risks have been exacerbated by the shift to remote working and the coronavirus pandemic. However, there is plenty that employers and employees can do to help mitigate the risk and protect sensitive information from attackers.
Tribeca specialise in providing tailored IT managed services to organisations in the financial services sector. We can help your organisation to create and enforce a cyber security policy suitable for office and remote working. Our services and technologies include multi-factor authentication, encryption, and vulnerability scanning to help craft a robust cybersecurity plan tailored to the needs of your organisation, whether working in a Hedge Fund or Private Equity firm, or any other type of business in the Alternative Investment industry.
For more information on how to protect your business against cyber threats while working from home and in the office, get in touch with our team today.