The way we work has changed, especially since the Covid-19 pandemic. Many of us are running our businesses fully remotely, or with at least several remote staff. This however means there are important processes that will start to break and open many businesses to cyber security risks they have not had to worry about so much in the past.

Hackers and criminal gangs have shifted their focus toward remote workers who they see as an easy target for a cyber-attack. So how do you reduce this risk?

How prepared are you?

Are you utilising the most important asset you have in the face of cyber-crime?

Your staff

I keep hearing that staff are the biggest security issue when it comes to cyber security, I think that this is the wrong view to take. Your staff can be your biggest asset.

You certainly don’t want everyone in your business to be complacent about security.  You need make sure everyone (including all the business owners, directors and management team) understand the risks. You will need to make sure the team are on side and doing the right things and engaged with why certain steps, precautions and processes are needed for the safety of everyone.

Your staff will be juggling priorities and cannot give the business their sole focus for much of the time.  We are all running a marathon now to get through the lockdown.  Staff and business owners alike, while trying to focus on their job, will have to consider the concerns of their own and their families well-being which will prove a distraction from their normal level of focus. After all, the family home is now the work environment for most people and keeping that environment running and as happy as can be will make a big difference for getting through the current situation.  Therefore, the business’s data security may sometimes not be at the front of your team’s mind.

How do I maintain a focus on security for the team?

It essential that you regularly communicate with the team to keep security issues at the forefront of their minds. You should also be reminding them that they are the gate keepers of your organisation!

You might want to pick the key topics from the list below and every few days update the team on one issue at a time

What can staff do to mitigate the exposure?

  • Ensure that staff are aware of potential threats from malware and viruses about links in emails, IM’s & bogus web pages. Be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.
  • Ensure staff are educated about calls from bogus organisations.
  • Define a clear procedure to follow in case of a security incident.
  • Ensure that staff have a secure way to access their work servers through either VPN or remote services like LogMeIn, Remote PC & TeamViewer.
  • If staff are using BYOD (Bring your own devices) that they have anti-virus installed on their machines. Even a free one like Avira or Avast on their machines are better than nothing. Also make sure that they regularly update their computers to ensure that they have all recent security patches installed.
  • Ensure that PC’s or laptops are locked if unattended. Although in a home environment you are less likely to get someone sneak access to the company servers you are at more risk of a toddler or pet hitting a few keys and causing problems! Remember the story about the toddler who bought a £9k car? (here)
  • Making sure that Staff mobiles have something like Microsoft Intune to enable them to delete data in case of loss or theft.

What can we do as business owners to protect the business?

Management set the tone for cyber security. It is therefore important that you are seen to be doing the right things as well.  That means not only following your own advice on the items above but also putting in place policies and infrastructure to promote the most secure environment you can.

So how do we stay cyber safe in the current environment? Ideally you should have the following:

  • Encrypted work laptops
  • Secure encrypted VPN
  • Encrypted work mobile phones
  • Privacy screens so that no one can read information off your laptops.
  • Encrypted memory sticks

Not all small businesses can always afford to provide all their staff with the technology above especially under current financial pressures!

  • Ensure that your server’s anti-virus software is up to date and working properly
  • Ensure if they are taking documents home with them that they are on encrypted memory sticks or encrypted partitions on memory sticks using software like Rohos Disk encryption.
  • Switch auto lock on for all remote desktop PC’s
  • Discourage staff from printing remotely and if they do so, ensure that they have a shredder to safely dispose of the print outs.
  • If there is 2 factor authentication on any software or services you use then use it!!
  • Use secure forms of communication if possible, like Microsoft Teams to stay in touch with staff & share information such as security procedures for remote working.

Cybersecurity isn’t about doing one thing but is about keeping on top of a combination of issues over time that will enable you to mitigate the risks involved with remote working.

There is always more to consider, but that’s always the case. Don’t let that stop you taking action now to help secure your data and therefore your business.

Peter B

Contact me today!

Peter Baldwin

Head of IT and Systems

Send me a message