From the way we educate our children to how we socialise with the people around us, the COVID-19 pandemic has had a massive impact on every aspect of our daily lives — especially in the world of work. Data compiled from a recent survey conducted by the Office for National Statistics (ONS) found that 25.9% or 8.4 million people are still doing their job from home, compared to 12.4% in 2019.
And, although homeworking certainly does have its benefits, allowing you to offer your employees greater flexibility and work-life balance while expanding your talent pool and boosting retention rates, it also increases threats to your cyber security. All it takes is one mistake to trigger a disaster, so you must install measures to protect your private data from breaches, identity theft, and all manner of other IT dangers. To help, here are three of the biggest cyber security challenges posed by off-site staff and how to fix them.
1. Connecting To Unsecured WiFi
With your staff now taking their work devices out of the office, stripping the technology of its cyber defences, accessing home wireless networks or using unsecured public WiFi, it’s even easier for criminals to spy on their connection and collect confidential information. Plus, while your business might use firewalls to protect against unauthorised access and block malicious activity, many people don’t have such devices guarding their network at home, leaving you vulnerable to attacks.
The best way to counteract this is to encourage your employees to use a VPN (Virtual Private Network). This tool reroutes traffic through your company’s secure internal network, encrypting transmitted data so that anyone trying to intercept this information will be unable to read it. You should also stress the importance of keeping software updated. This ensures cyber criminals can’t exploit gaps in your network and plant ransomware or data-stealing malware.
2. Phishing Email Attacks
Phishing schemes are emails made to look like they are coming from a legitimate source, and they are becoming increasingly sophisticated and harder to detect. They often pass through your employees’ email filters and into their primary inbox. Attackers send these emails to trick the victim into clicking links and downloading malware, providing their login details or compromising other privileged information so they can hack into their accounts, steal confidential data and more.
Here are some of the most common phishing emails to be aware of:
- Spear phishing — whereas phishing attacks send out emails in bulk to as many potential victims as possible in the hope of getting a catch, spear phishing targets a specific individual. The criminal will gather information about that person using a company website or social media pages and send them an email pretending to be a colleague, including their name, job role, phone number and other details to make the message appear genuine. As the target thinks the email is internal, they are more likely to respond to the email’s request.
- Clone phishing — here, the attacker creates a spoof email that replicates one sent from a trusted organisation, tricking the victim into clicking a link taking them to a malicious website. Once the cyber criminal knows that a particular email design works with one person, often they will go a step further and send it to all of the victim’s contacts.
- CEO fraud — also known as “whaling”, CEO fraud is where an attacker impersonates a leading company member and sends messages to less senior employees using a similar email address. Typically, they will put a lot of pressure on the victim, asking them to transfer money or view a document until they comply with their request.
To reduce the chances of these attacks happening, consider giving your staff regular cyber security training. This will help them spot the latest suspicious emails and ensure new hires are made aware of your organisation’s cyber security procedures and policies from day one. Also, be extra cautious of emails with password-protected attachments, as these are usually an attempt to steal your login credentials.
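Training can be backed by a mail-side check for the "similar email address" trick described above. The sketch below is an added example, not part of the original article; the organisation domain, the executive names and the sample From headers are all constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "example.com"              # assumed company domain
EXECUTIVES = {"jane doe", "sam patel"}  # assumed display names worth protecting

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From header looks like internal impersonation."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if domain == ORG_DOMAIN:
        return reasons  # internal domain; sender authentication is a separate check
    # One or two character changes from the real domain suggests a lookalike.
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        reasons.append(f"lookalike domain: {domain}")
    # A senior colleague's name on an outside address is the CEO-fraud pattern.
    if name.strip().lower() in EXECUTIVES:
        reasons.append(f"executive name on external address: {addr}")
    return reasons

# Constructed sample headers.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Sam Patel <sam.patel.ceo@freemail.test>",
    "Newsletter <news@supplier.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A non-empty result is a reason to tag the message as external or hold it for review, not proof of fraud.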
3. Using Weak Passwords
Even with VPNs, firewalls and continued education on cyber security best practices, criminals can still cause significant damage to your business if your employees use weak passwords or the same one for several different accounts. Hackers have various methods for cracking into sensitive company information, including compiling lists of common passwords and writing code designed to guess a password by trying out different variants continuously.
Instead, foster a culture of personal responsibility by creating a password policy that bans your team from using personal information for account logins, such as their surname or where they live. Also, recommend that they use a passphrase generator to make up a string of random words, punctuation, numbers and character substitutions that is longer and harder to crack, and that they record their passwords in a secure password-storing program rather than writing them down on a piece of paper or saving them in a file.
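The policy above can be enforced when a password is set. The following is an added example, not part of the original article: the 14-character minimum, the short common-password list, the word list and the sample personal details are assumptions made for illustration.

```python
import re
import secrets

MIN_LENGTH = 14  # assumed threshold; the article does not give one
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}  # constructed sample
# Undo common character substitutions so "P@$$w0rd" is compared as "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")
# Tiny constructed word list; a real generator draws from thousands of words.
WORDS = ["anchor", "biscuit", "copper", "drizzle", "ember", "falcon", "granite",
         "harbour", "iceberg", "juniper", "kettle", "lantern", "meadow", "nutmeg"]

def normalise(text):
    """Lower-case the text and reverse simple substitutions before comparing."""
    return text.lower().translate(LEET)

def policy_violations(password, personal):
    """Return the reasons a password breaks the policy; an empty list means accepted."""
    reasons = []
    plain = normalise(password)
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if plain in {normalise(c) for c in COMMON}:
        reasons.append("on the common-password list")
    # Reject any word of three or more letters taken from the user's own details.
    for item in personal:
        for token in re.findall(r"[a-z]{3,}", item.lower()):
            if token in plain:
                reasons.append(f"contains personal detail: {token}")
    return reasons

def passphrase(words=5, sep="-"):
    """Build a passphrase from words picked with a cryptographic random source."""
    picked = [secrets.choice(WORDS) for _ in range(words)]
    return sep.join(picked) + sep + str(secrets.randbelow(100))

if __name__ == "__main__":
    details = ["Harrison", "Cheltenham"]  # constructed surname and home town
    for candidate in ["H4rr1son2024!", "P@$$w0rd", passphrase()]:
        print(candidate, "->", policy_violations(candidate, details) or "accepted")
```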
4. Greater Number Of Physical Threats
Cyber security risks don’t only lurk online — they can occur in the outside world, too. They range from talking too loudly on the phone about confidential information in a public place to leaving a device unlocked and unattended for young children and pets to tap away on and potentially wreak havoc. Companies must remind their staff to be aware of their surroundings when working remotely.
Even though it may seem like common sense, creating documentation to show your employees how to enable automatic locking on their mobile phones, laptops and any other hardware they’re using outside of the office can act as an excellent reminder. This feature means that if the user pops out of the room to get a drink or use the bathroom, the device will automatically go to sleep after a certain number of seconds until someone enters the correct password. Best practices recommend that a couple of minutes is a safe amount of time before a lock begins on a laptop, but 30 seconds is best for a phone.
5. Unencrypted File Sharing
From client account details to financial records and much more, a massive amount of private data is shared among your teams every day. Unfortunately, many of your work-from-home staff are unlikely to know they should be encrypting this sensitive data, let alone how to do it. However, cyber criminals can do severe damage to your business if they manage to intercept these files whilst they’re being moved from one place to another. This can lead to ransomware cyber attacks, theft and identity fraud.
Ensure your employees use communication tools that offer encryption or are encrypted by default, like Outlook for email and WhatsApp, Signal or Telegram for instant messaging. This clever feature lets them convert plain text into a scrambled cypher that only the recipient with the key can decipher. Using secure file-sharing platforms such as OneDrive and Dropbox is also a must, and some business phone providers even enable the user to encrypt their voicemails.
If you’re concerned about your business’s cyber security, contact Optimising IT by requesting a call back from our expert team today. Our fully accredited and industry-leading cyber security services cover everything from testing for and eliminating vulnerabilities to helping you achieve compliance.