4 Important Tips – Remote Working for Employees
It’s no secret that there has been a drastic uptake in the amount of companies now offering remote working for employees. What was already a slower adoption has now been forced by the circumstances of 2020, and businesses now find themselves in predicaments where employees working from home is the new normal.
According to a 2020 study, half of managers of remote working employees are unaware of their company’s remote working policy. Around 90% of these managers also believe that the future of working will remain remote.
A new era where remote working for employees is more widely available brings with it a parallel threat from the cyber world, as teams must rely on new software tools and their own devices in order to work. Currently, around 82% of companies allow their employees to use personal devices for work. Over the course of 2020 alone, the hacking world has taken advantage of the global situation and favoured DDoS, social engineering and phishing attacks as their primary source of infiltration. These types of attack in particular prey on the vulnerabilities of employee cybersecurity knowledge and device security.
With approximately 94% of all malware delivered by email and the average cost of a breach to a business totalling just over £100k in downtime, fines and damages, it’s fundamental that companies spend the time investing and educating their employees in the steps that they must take to mitigate cybersecurity risk whilst working remotely.
It’s come to light that employees save around 81 minutes per week using their personal devices for work, with 78% of employees of the belief that BYOD allows them to maintain a better work-life balance. However, 50% of companies that allow a BYOD policy experience breaches via employee devices. With this in mind we’ve compiled a list of the key things employees should keep in mind to ensure a reduced level of risk when using their personal devices for work at home.
1. Change Your Passwords
Many of us groan and mumble at the thought of having to harbour multiple credentials in our minds, so will tend to use similar passwords across multiple sites. The problem here lies in the use of the same password for work as for personal accounts, i.e. social media or online banking. The NCSC frequently investigates ‘credential-harvesting phishing campaigns’, where hackers will probe for old or existing credentials and sell them on the dark web to other cybercriminals that will then use them to attempt remote access to other online accounts or portals – for example, work emails or cloud access.
Using different passwords and changing them regularly will protect both your personal and work accounts from cyber criminals attempting mass-access.
2. Check Your App Permissions
It’s key when using your personal device to check the permissions your personal and work apps have. Apps will ask for access to other applications on the device (i.e. microphone, camera, contacts), which is why it’s vital to check what access you have granted to your Apps. Suspicious applications downloaded from the App store are often Trojan horses for cybercriminals who, if allowed, can gain access to any data on your device – including those with a direct link to your company network.
3. Keep Your Device Secure
It sounds like such a simple one, however it’s important that any devices that do get used for work, be it a mobile phone, laptop or tablet, is secured with its own password. This could be code, biometric or pattern, but it is key to protecting access to the data on your device from physical threat, i.e. if your device gets lost, stolen, or compromised in any way.
Research from Kaspersky Lab has found that about 50% of people still do not password-protect their mobile devices.
4. Keep an Eye on Connectivity
One of the largest and arguably understated sources of risk to mobile devices is the ways in which they connect to others. Bluetooth immediately comes to mind, and with the influx of Bluetooth related mobile tools (i.e. speakers and headphones) that have come to market over the last few years, many users keep the feature switched on at all times. This leaves a connectivity route wide open, and device and content exposed.
WiFi is also the biggest purveyor of cyberthreat, in particular public WiFi networks. If you’re sat in a café, airport lounge, or foreign place of business, when connected to their WiFi you’ve agreed to their permissions and giving them your data – in some cases, this is more data then they need. Another vulnerability with untrusted networks is the risk that a cybercriminal has infiltrated the WiFi network, and consequently has direct access to any device currently connected to it.
These are just a few best practises to maintain basic security when using personal devices for (remote) working. Depending on seniority and the level of employee access to sensitive data, goalposts will shift, and this is where it will be more prudent to enforce a stricter policy on BYOD, or even implementing an MDM to better control remote device access and security, secure voice and messaging to secure communication and threat defence to protect against malicious Apps..