The rapid increase in remote working as a permanent fixture in businesses has blown a hole in many existing cyber security protocols. Unsecured home computers and other devices being used for remote working pose potential security risks, particularly when connected to or sharing media with workplace networks.

Thankfully, there are ways to mitigate this. A combination of managed cyber security and changes to people’s behaviour and practices can make personal devices safer to use, as well as securing work devices even when away from your business’ local network. Implementing these changes can bring remote working under the business’ cyber security umbrella, making you and your employees more responsive to and resilient against cyber security threats.

Cyber security and remote working

Cyber security is a crucial tenet of any modern business. From offices to construction sites, much of the work we do is now digital, from sharing and collaborating on files and documents to storing customer and client data. All of this information needs to be kept secure from malicious actors, who may wish to acquire it for a variety of reasons, or simply to compromise your systems as a form of blackmail or reputational damage.

Maintaining good cyber security practices can be difficult enough within the confines of your workplace. But remote working introduces a new threat, and new vectors for attacks. While you can closely control your own internal workstations, devices and networks, doing this for employees’ personal devices is much more difficult. This introduces potentially insecure devices to your network, connecting directly with internal devices or sharing files via email, USB drives, or cloud storage services.

Where you have certain guarantees about your own devices and how they’re managed – firewalls, malware protection, email filters – people’s personal devices offer less certainty. While some behaviours will be consistent between home and work, personal devices can be exposed to unique risk factors. People might browse different websites at home, download files, and do other things that put the device at risk of being compromised – and spreading malware to your internal systems.

How to improve remote working cyber security

Cyber security shouldn’t be seen as an insurmountable barrier to remote working. Instead, it should be an extension of your existing cyber security measures. Instead of considering work and personal devices as separate, they should be looked at holistically, albeit with different problems to address. In much the same way as display screen equipment (DSE) guidelines apply for remote workers, cyber security must go beyond the workplace.

There are a combination of behavioural, policy and technical measures you can implement to improve remote working cyber security. These include:

Use unified communications

Customer data and other sensitive information can easily become fragmented as a result of remote working. Data may end up on various computers and be shared across various platforms, exposing it to greater risk. This lack of centralisation can make it tough to keep track of everywhere data is being stored, and lead to files falling through the cracks, and potentially being lost or stolen without the business’ knowledge.

Unifying your communications under a single platform such as Microsoft 365 can allow you to manage data more effectively across locations. By using the same umbrella of applications to have discussions, make decisions, and share and collaborate on files, all of your information can be stored safely in the Cloud, without having to download it locally. This not only keeps data more secure, but allows you to track version histories more efficiently, and to be more transparent about the work you do.

Improve your password security

Passwords are perhaps the most important and least considered aspect of cyber security. Coupled with strong account controls and permissions management, password protection is the main way of preventing malicious actors from getting access to your files. Easily guessed or ‘bruteforced’ passwords (the equivalent of going through the phonebook and trying every number) can give hackers full access to someone’s device or network, allowing them to steal files and compromise systems.

Many people fail to appreciate the value of passwords until something bad happens to them. They use their own name, company name or date of birth in their passwords as they are easy to remember, and use the same passwords for numerous accounts. But this also makes them easy to guess, and unreliable as part of a cyber security strategy. If passwords cannot be relied upon to remain unbroken, the entire house is at risk of collapsing.

There are easy ways to improve password strength that don’t require you to remember long strings of strange characters. Writing passwords down on paper is safer than using bad passwords, as it requires people to have access to your home or workplace, but it still isn’t recommended. Instead, use long but memorable and hard to guess phrases, such as “MyWeirdlyLongAndStrangePassword”. Otherwise, consider an enterprise password management solution to store many different passwords.

Use secure connections

While some companies will store everything in the Cloud, it’s likely that employees may have to connect to remote workstations at some point. This may be to access files on their work computer, or to use it remotely for tasks that their personal devices aren’t capable of, such as for rendering or other high-performance tasks. In this instance, it’s vital that this connection is made safely, and cannot be hijacked by others to gain access to files on your network.

You may already have heard of a virtual private network (VPN), and this can be a helpful tool for safer browsing provided it is set up correctly, particularly on public networks such as cafes if workers are not at home. For connecting to remote workstations, a range of Remote Desktop Services are available with advanced security features, including SSL encryption and IP restriction. Further advice on how to secure Windows’ Remote Desktop Protocol (RDP) can be found here.

Protect personal devices

It isn’t always possible to equip every employee with a business laptop, desktop, or other digital device. But when employees are allowed to use personal devices for work, it creates unique cyber security challenges. They may not have the same encryption as your work devices, may lack the same firewalls and malware protection, and may be more susceptible to be accessed by other people, be it physically, online or over unsecured networks.

If separate work devices aren’t realistic, employee’s personal devices should be protected to the greatest extent possible. Enterprise antivirus and anti malware software can be licensed to and installed on personal devices to protect from online threats, and often provide advanced features such as additional firewalls and active threat scanning alongside file protection. Encryption software such as Microsoft’s BitLocker and MacOS’s FileVault can also help to protect files, provided that the passwords used are strong enough to prevent full access.

—

These are just a few of the ways that businesses can ensure remote workers are working safely, and not posing a threat to your business systems. To discuss your cyber security strategy or for any other information about IT services, get in touch with Sota today.