4 ways to stay safe online when you or your team are working from home
The threat of cybercrime has increased significantly since the start of the pandemic, especially as more of us are working remotely and at home. We explore what you can do to keep you and your employees safe.
According to research by Virgin Media O2 Business and the Centre for Economics and Business Research, business leaders share employees’ enthusiasm for hybrid working, with more than two thirds (69%) believing changes to working policies driven by Covid-19 will be made permanent. This has been motivated by growing demand among employees for better work-life balance, with 85% reporting that working remotely offers them additional leisure time to relax, see family and friends or spend time pursuing hobbies.
There is close alignment between organisations and their people on what they view as the optimal working arrangement in future, too. Employees now expect to work remotely 2.5 days per week, while company leaders also expect employees to work remotely about half of the week (2.3 days).
Remote and home working has many benefits but there are challenges too, and keeping our people safe online is key.
In the UK, 39% of businesses experience cybersecurity breaches or attacks every year. With the increase in home working, cybercriminals have sensed an opportunity, and threats have increased in number and sophistication. Experts suggest that the pandemic has led to a 15-fold increase in online scams.
One of the reasons for this is that when we work remotely, our personal and work tech often overlap. Employees use work and personal computers or smartphones interchangeably for work and leisure, leaving work channels and company data increasingly vulnerable.
The good news is that there are steps we can take to minimise the chances of an attack and reduce security vulnerabilities. We’ve shared some key steps below, using insights from Vishnu Varadaraj, Senior Director at McAfee.
1. Use a VPN
A virtual private network (VPN) helps protect data and keep browsing behaviour secret, reducing the chance of criminals tracking your employees’ activity. Without protection, sensitive data can be given away online as you or your employees access cloud-based services or even just browse the web.
Not everyone realises that VPNs protect smartphones too. If employees are viewing work data or making a transaction on their phone when they are out using public wifi, or on home wifi that’s not properly secured, a VPN reduces the chances of them being tracked by criminals.
2. Deploy a Password Manager
Cybercriminals make the most of weak passwords – it’s a major way hackers gain access to systems and data. Using easily guessable passwords or details that have already been leaked, and are being traded by criminals, significantly increases the threat of an attack. Multi-factor authentication (MFA) which requires employees to authenticate their system access, for example using a one-time passcode, reduces vulnerabilities caused by weak passwords. But MFA is not always switched on, resulting in ransomware attacks.
One option for business owners is to consider deploying a Password Manager for their employees. It’s useful software that automatically generates passwords that are hard to crack. It then stores them safely so employees don’t have to remember them. A Password Manager breaks bad password habits and reduces risks, meaning employees can no longer use personal details for all of their passwords.
3. Secure work-issued devices and be careful using personal devices
Any work-related smartphone should be as secure as possible, using security software that can reduce vulnerabilities and protect your data if a device gets hacked or lost. There are several options to explore here.
Working remotely makes it easier for us to disregard the boundaries between work and leisure in which devices we use, particularly smartphones. It’s important that employees are aware of the risks of using a personal smartphone for work purposes: it’ll be less secure than their work device and might even have a virus or malware on it, leaving the door open for cybercriminals.
At the same time, many people working in smaller businesses might already use the same device for work and leisure. Some organisations also have Bring Your Own Device (BYOD) initiatives. In these cases, educating employees on cybersecurity and encouraging vigilance is important. There might also be ways to provide security measures for personal devices, for example using tools to create separate work and personal containers on BYOD phones.
4. Follow a Zero Trust model
The chances of your sensitive data being breached increases as more employees access it. By limiting the number of employees who have permission to access specific data, you minimise the associated risk. For example, if you store customers’ personal data, it should only be accessible to the employees who need to see it.
This is an example of a “Zero Trust” model – a philosophy that limits access to information only to those who need it. This means never sharing personal log-in details with others (such as sending passwords over email), and only giving selected roles access to certain applications and systems
A Zero Trust approach might seem severe, but it’s a highly effective strategy considering many security issues are caused by human error. Following Zero Trust means you reduce the number of potential issues you might run into.
For more information about how to keep your business and employees safe wherever they’re working, see our cybersecurity solutions for small and medium businesses.