8 Tips for secure home working
Even before the dreaded C word descended upon the globe, businesses were warming to a more flexible home or remote working situation for employees.
Fast forward a few months to the present day, and current UK government advice still encourages individuals to work from home where they can.
As an example, ING Bank in Spain have this week announced that they have made the shift to allow more of their employees to work from home on a more permanent basis.
The number of companies adopting a more flexible home or remote working situation for their employees is only expected to rise in the coming months, as we adjust to a ‘new normal.’
We compiled a list of the key things for business owners and CISOs to have in place, and that employees should be aware of, in order to maintain a safe and secure remote working setup.
1. Phishing Awareness
Phishing is the number one culprit for cyber security breaches in the UK. Phishing scams target businesses via their employees, through sophisticated email attacks that often contain links to fake websites. This can prompt an undetectable download of malware into the organisation's network by bypassing external security firewalls. Malware downloaded as a result of an unknowing click, usually by an employee, can often sit undetected within the company's network for months and poses an incredible risk to company data and IP, not to mention huge potential fines.
It is paramount that employees are trained and aware of the potential risks and know exactly who to contact in the case of a suspect email or suspicious link. It’s important to encourage a positive culture and open communication between employees and the IT department.
2. Secure Connection
Another organisational pitfall concerns the use of a secure connection, or VPN, when employees are travelling or working remotely. Many people are unaware of the high risks associated with using an unknown network connection, such as public WiFi. Depending on the configuration of the router, an open connection leaves your device open to breach via the IP source, which then gives the hacker access to account credentials, cloud databases and sensitive personal info, to name a few.
Mitigate risk by making sure anyone working for or on behalf of the business (with access to the network), at whatever level of seniority, uses a secure connection such as a VPN when working remotely.
3. Third-Party Controls/Access
Depending on the nature of the job roles within the organisation, different employees may have different needs to access specific areas of company/customer data. Current GDPR legislation dictates that an employee must have access only to the data or information needed to complete their job role.
By controlling and monitoring the permissions and access of all users to the types of data available to them, businesses can ultimately reduce risk. The fewer people with access to information that could cost the business a great deal if compromised, the lower the risk of it being breached.
For employees using work devices, such as phones or laptops, Serbus offer an MDM solution that can be managed centrally either by us or your IT department. This enables businesses to control the applications used by employees, to ensure they're safe, and we also offer a secure voice and messaging application to protect communications between sites and departments.
4. Cyber Security Policy
A cyber security policy is a clear and concise written plan for the organisation's strategy, which offers the business and all in it a cohesive outline of present-day best practice and future amendments to the cyber security protocol of the company. For larger enterprises, this is best segmented to provide clarity across different hierarchical levels.
A sectional structure will allow employees to clearly read the rules and best practice for remote working. Regular review and reminder of the policy with employees, old and new, will help keep the processes fresh and properly adhered to.
5. Weak Points
Regular assessment for weak points will expose the parts of the business that need reinforcing against potential breach. Pentests are usually a job for the IT provider/department, or tech-savvy small business owner, and regular software updates should be conducted to patch any potential security kinks or flaws that could create an entry point for hackers.
Updating software will allow the providers to patch any security flaws they have uncovered in the system, as well as ensuring efficient business processes. For businesses with an MDM network solution like Serbus Secure, updates can be automatically made across all associated devices by the system manager, which will remove the responsibility from the employee.
6. Passwords
With threats ever on the rise, and the frequent theft of credentials, it's mind-boggling just how many of us still use simple passwords. Recently, in advance of the upcoming Premier League restart, fans have been encouraged by the NCSC to reset the passwords for their streaming sites to ensure they are safeguarded from hacks. Previously, GCHQ revealed that hackers accessed nearly 700,000 accounts due to easy-to-guess football-related passwords.
From a business perspective, making sure passwords are reset on a regular basis and after a breach, and that they contain a mix of numbers, letters, punctuation and capitalisation, is crucial. Employees should also be advised not to use the same credentials across multiple websites, and to choose passwords that are not personally linked to their interests or lives.
7. Multi-Factor Authentication (MFA)
MFA is a useful best practice feature, especially for companies where employees are able to access important company or customer information. It adds an extra layer of security upon sign-in, often employing a sign-in to a different trusted site, or a code via SMS message or fob.
Employees using MFA, especially when working remotely, could help the business and their IT teams to secure and flag up any unauthorised logins from unrecognised devices or IP addresses.
8. Work Devices/Bring Your Own Device (BYOD)
Possibly one of the key points of best practice for remote or travelling workers is for employees to clearly understand and have access to a documented BYOD/Work Device security policy, and to make the IT department aware if at any point a device is compromised (lost, stolen etc.).
As a part of our Serbus Secure suite of tools, our MDM solution has the ability to both defend the system from any outside attacks, before they happen, as well as giving you, us or your IT teams the ability to remotely access and control any device – an effective and efficient process if a device does become compromised.
For any further questions on best practice, or to chat about the Serbus Secure solution in line with your requirements, get in touch today on [email protected], or call us on +44(0)1432 870879.