The UK has now surpassed its one-year national lockdown anniversary, and since the briefing on the 22nd February, it doesn’t seem like we will be approaching the in-office working lifestyle any time soon. Even though the past twelve months have put many of our lives on hold, it has also pushed the boundaries of working culture by showing that organisations can successfully operate from the comfort of our own homes. How this has changed the way businesses will operate once lockdown is lifted still remains uncertain, but many companies are now looking at a more remote/flexible working schedule – but what are the risks of working remotely, and how can you and your company try to mitigate these risks?
We have created a guide on the different ways a cyber criminal could be taking advantage of your new working environment and how you can avoid this to protect your data and finances.
Insecure Workspace
Since the national lockdown began in March 2020, many people have transformed their homes into a place of work and study – with new setups, PCs and workstations, everyone has become more comfortable in their new ‘office space’.
Yet, according to SailPoint, organisations are more at risk from remote workers due to incorrect use of security measures, increased phishing attacks, insecure personal devices and networks and through human error.
Risk #1: Email Encryption
With the increase in electronic communications, cyber criminals have been capitalising on this to try and compromise organisations. According to Egress’ 2021 Data Loss Prevention Report, email has seen the biggest usage increase (above both video-calling and messaging apps) with 85% of employees surveyed in both the UK and the US are using and sending more emails. Emails can be extremely vulnerable and accessible by cyber criminals as these are not encrypted – meaning anyone can view your emails and its contents/attachments. Sending sensitive information via email without encryption is the perfect opportunity for a cyber criminal to cause serious damage to your organisation.
64% of IT Leaders Believe a Remote Workforce will Mean More Future Email Data Breaches!
– Egress’ 2021 Data Loss Prevention Report
Solution: Be cautious when sharing information via email – anything that is classified as ‘sensitive’ or ‘confidential’ should only be sent via email encryption or another secure messaging service.
Risk #2: Phishing
Phishing is one of the most common ways a cyber criminal will try and compromise your business. Not only is this incredibly easy for them to do, but it is one of the best ways to get into your networks and systems as all they have to rely on is human error. There are over 3.4 billion fake emails being sent daily and these are becoming more sophisticated by being more personal and seemingly genuine – it is no wonder 47% of employees fall for phishing scams, especially due to working-from-home distractions.
Solution: Ensure that you and your employees can spot phishing emails to avoid installing malware onto your devices or being deceived into providing finances and data. Always question the nature of an email, especially if they appear to be too ‘urgent’ or pressurising you to click links or provide information. Ensure email addresses are genuine and be vigilant with spelling/grammatical mistakes – it is also advised to independently contact the company/sender to see if the email is genuine.
Risk #3: Insecure Personal Devices
As employees have been working from home, they have been using their own devices to access their work accounts, files and emails. However, without the appropriate security software and practises, these can be extremely vulnerable to potential cyber criminals.
Solution: When using personal devices for work, it is best to ensure that these are as secure as possible to, not only protect your organisation, but to ensure that your personal information is also secure. Ensuring you have sufficient anti-virus software on your devices is a must, and also ensure that these are registered with your company’s BYOD scheme. For further information and guidance, it is best to speak to a member of your IT team.
Risk #4: Human Error
Human error is the biggest cause of a security breach in an organisation; with 80% of cyber security breaches being a result of staff error. This is simply down to not educating your employees on the best practises and methods to keep data and devices secure.
Solution: Ensuring staff are cyber-aware and practising the best methods to ensure company data is secure is one of the simplest, yet more effective, ways to protect your business. Investing in a learning platform such as Mitilearn is an hassle-free way to ensure your staff are regularly educated on the latest best-practises and cyber-criminal tactics.
Risk #5: Password Management
Having just one password for your work and personal accounts is not recommended. If your password was to be compromised, then everything assigned to that password will also be at risk with valuable data being stolen and exploited. However, having unique passwords for every account is not ideal either, this can lead to over simplifying passwords to make them easier to remember, which again, is a huge security risk.
Solution: Implementing password managers, two-factor authentication and single sign-on throughout your organisation is the most effective and efficient way to ensure your accounts remain secure whilst reducing the risk of a data breach.
Google found that not one of its 85,000+ employees had a compromised account since introducing mandatory two-factor authentication across their operations.
Risk #6: Insecure Networks
Using insecure and public networks can be extremely risky and it is recommended to avoid conducting sensitive activities over these. Public networks are usually unencrypted, meaning if you connect to it, anyone else connected could view your emails, account login details, lead you to malicious websites and try to steal your data.
Solution: Using a Virtual Private Network (VPN) is one of the most effective ways to ensure that your devices and accounts are secure when online. A VPN allows users to privately and securely access company files and data from a remote location. It is also recommended to use a hotspot from your mobile phone to carry out your work if you cannot connect to a private and secure network – ensure your hotspot is password protected so it is only you on the network.
