Cyber security for remote workers during the coronavirus lockdown
Many organisations have put measures in place to let their staff work at home during the COVID-19 lockdown.
However, there are security issues with working remotely.
Managing these remote working security risks effectively is an essential part of helping your organisation operate safely and securely in this difficult time – as well as ensuring you remain compliant with data protection law.
Free PDF download: COVID-19 – A challenge to business
Download our free paper and learn:
- Important security considerations when dealing with remote workers;
- The latest COVID-19 security threats to be aware of;
- Examples of security oversights with remote working; and
- Practical solutions for keeping your organisation secure during the pandemic.
How to maintain security when employees work remotely
Remote access security risks include:
Phishing
Most malware – as much as 99% by Proofpoint’s estimate – is delivered via phishing attacks. These often rely on topical stories to create a sense of urgency, exploiting people’s fears to get them to open malicious attachments or click links to spoof sites, which will then download malware on to their machines.
Misspelled domain names and poor spelling and grammar can also indicate that an email is not what it seems.
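The misspelled-domain check can be automated at the mail gateway or in a reporting tool. The following Python sketch is an added example, not part of the original article: the allowlist, the sample From headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: who.int is an organisation the article says is being
# impersonated; example.com stands in for your own mail domain.
TRUSTED_DOMAINS = {"who.int", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From header; the display name is ignored."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates, or None)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        # Trusted name used as a prefix of another domain, or a near-miss spelling.
        if domain.startswith(good + ".") or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed From headers, for illustration only.
SAMPLES = [
    "World Health Organization <info@who.int>",
    "WHO Alerts <alerts@wh0.int>",
    "IT Helpdesk <helpdesk@exarnple.com>",
    "WHO <update@who.int.account-verify.net>",
    "Newsletter <news@unrelated-shop.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

The From header can itself be forged, so a "trusted" verdict here only means the domain is spelled correctly; sender authentication (SPF, DKIM and DMARC) is still needed to confirm the message came from that domain.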
Phishing attacks exploiting the coronavirus outbreak have seen a huge increase since January 2020.
Scams include fake tax rebates, malware embedded in disease heat maps, and emails purporting to be from the WHO (World Health Organization) supposedly offering information about the pandemic.
You can read more about some of them in our blog.
BYOD (bring your own device)
If you’ve had to facilitate home working at short notice, the chances are you will not have had enough company equipment to give all staff laptops, phones, and the like.
If that is the case, you will be relying on BYOD – staff using their personal devices for work purposes.
Although this has many advantages, you will have less control over how those devices’ security settings are configured.
If, for instance, a staff member fails to keep their antivirus or anti-malware up to date and accidentally downloads malware, your corporate information will be put at risk, and your network could become infected the next time they connect to it.
You will therefore need a BYOD policy to ensure staff follow appropriate guidelines.
Free BYOD and Remote Working Policy Template
To help you adjust to having a remote workforce, we’re providing our BYOD and Remote Working Policy template free.
This customisable document provides the guidance you need to ensure your remote staff work safely and securely.
Free Business Continuity Planning template
If you need help creating a BCP (business continuity plan) to help guide your organisation through these turbulent times, you might be interested in our free Business Continuity Planning Template.
This template outlines everything your BCP should include.
Poor device security
Whether remote employees use their own devices or work equipment, they need to know how to look after them.
This includes securing them when not in use, ensuring they are not left unattended and keeping antivirus and anti-malware software up to date.
They should also know what to do if a device is lost or stolen, and who to contact for support.
It is a good idea to implement remote working policies that set out what you expect of home workers.
Remote access to corporate networks and VPNs (virtual private networks)
If your staff are using home networks to connect to the Internet, security features that you usually take for granted, such as filtering, firewalls and encryption, might not be available – and if they are available, you will have no oversight.
You should therefore use a VPN to give staff secure remote access to corporate systems and to IT resources such as email and file services.
Internal network security is equally important: you should ensure your VPN is kept up to date with the latest patches and that it has the bandwidth to cope with all users.
Weak passwords and authentication
Weak and reused passwords are a common point of intrusion for cyber criminals, so having a strong password policy is especially important when staff are working remotely.
Traditional advice is to make passwords complex, to use upper- and lower-case letters, numbers and symbols, and to change them regularly.
However, this is almost impossible for the average user to follow – especially as you need a different password for each account.
Modern advice is to use three-word passphrases rather than passwords. These are much easier for people to remember than random combinations of letters, numbers and symbols.
Plus, when it comes to password strength, length matters more than complexity: each character added to a password multiplies the number of combinations a brute-force attack has to try, so its strength grows exponentially with length.
Alternatively, you can automate the process by using a password manager to create strong passwords for each account.
Where available, you should also combine passwords with secondary authentication factors such as one-time passwords or secret questions.
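To make the length-versus-complexity point concrete, the Python sketch below estimates the brute-force search space of a password and applies a length-first policy. It is an added example, not part of the original article: the 60-bit threshold, the guess rate, the deny-list and the sample passwords are all assumptions chosen for illustration.

```python
import math
import string

# Character classes a brute-force attacker has to cover (95 printable ASCII in total).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# Constructed deny-list standing in for a list of breached or reused passwords.
BANNED = {"password1!", "qwerty123456", "coronavirus2020"}

def pool_size(password):
    """Size of the alphabet implied by the character classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2 of the number of candidates in a character-by-character search.

    This is an upper bound: predictable words or patterns fall much faster
    to dictionary attacks, which is why the deny-list check comes first.
    """
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every candidate at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def assess(password, banned=BANNED, min_bits=60):
    """Length-first policy: no composition rules, only deny-list and search space."""
    if password.lower() in banned:
        return "reject: known weak or reused"
    if brute_force_bits(password) < min_bits:
        return "reject: too short"
    return "accept"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["Xk7#pQ2!", "Password1!", "plumkettlesaturn"]:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years -> {assess(pw)}")
```

The eight-character password that satisfies every traditional complexity rule scores about 52.6 bits and is rejected, while the sixteen-letter lowercase passphrase scores about 75.2 bits and is accepted.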
Cloud applications and home working
Cloud-based services such as Microsoft Teams help your remote workers collaborate, but you will be reliant on a third party for security and continuity.
As millions more people shift to homeworking, some services could become overwhelmed and suffer service outages, which could affect your productivity.
Secure file sharing depends on your staff using these services securely, using strong passwords and MFA (multifactor authentication), and ensuring they are using the latest version, as discussed above.
IT Governance remote-delivery products and services
If your staff are now working from home, IT Governance has everything you need to ensure your organisation can continue to operate safely and securely in this challenging time, from remote access penetration testing and online consultancy to online staff awareness training and business continuity tools.