Speak to a group of people about working from home or remotely and you get a Marmite response. Some love it – they get more done, appreciate the time to think properly and value the space to be creative in their thinking. Others struggle to motivate themselves, miss the face-to-face interaction and find themselves frequently distracted. Whether you love it or hate it, if you are outside your normal secure office environment you might be opening the door to more cyber vulnerabilities. But if you don’t know what the remote working risks are or where you might be exposed, how do you know the best way to work?
I have, in the main, worked remotely for three and a half years so here is my take on the main risks of remote working.
The cyber secure company VPN – or is it?
Let’s start with how you get to your company files. Many of you will use a VPN (Virtual Private Network) that has been set up by your IT department. You know, the additional connection icon you must go through before you can sign in with your usual credentials. Just as a VPN allows you access, it also provides cyber attackers a route. Thus, it is essential that VPN software updates are run – don’t ignore these.
Router run down.
What hardware are you using to connect to the company VPN? Devices that are used to access the company data, whether wired or wireless, should also have all software patches applied and updated. This ensures security configurations are the latest available. Even if you are just online for home/family use, it’s recommended: https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/securing-home-network/
You must shut down and run your updates on a regular basis. As frustrating as it might be to continually run updates, they are available specifically to combat external threats. I’ve been lucky so far, but I have taken a few wrist slaps from IT on this. Seeking out convenience and shortcuts over cybersecurity when working from home is not wise!
Cyber security on the move.
We should not forget that many of us will switch between working from home over our routers to using our mobile devices for email and work applications. Therefore, we shouldn’t overlook mobile device security and the treatment of our devices. Sound silly? Let me tell you why it isn’t.
Many of us carry around our diaries, personal information and correspondence on our mobiles. As we flick between work and personal activity, our mobiles give criminals of all guises access to our identity collateral and our company information if not properly protected.
Whether you are using your own device or a company asset, remember the risks of leaving it unattended, especially in public places. When the device is not being used, keep it somewhere safe. And if it does get lost or stolen, make sure you know how to report it, and who to, swiftly. With any luck you will have Mobile Device Management in place, ensuring swift over-the-air ‘kill device’ options, but if you don’t, it is worth spending time looking into the options available – especially as your mobile digital footprint will be expanding. We use Traced.
Multi-device mayhem
Many IT professionals strongly advise that work devices should be used only for work and personal devices only for personal use. It is far more challenging to control who is using personal devices for what, and of course there will inevitably be fewer security protocols in place, giving plenty more opportunity for malware insertions and other company asset compromises.
The scamsters’ favourite
Now to dodgy emails – we have all seen suspicious emails and, in fact, some of us have got so used to seeing them that we simply ignore them or send them to deleted items and forget about them. When you are working remotely it is vital that you continue to flag these emails to the custodians of your communications infrastructure.
It is so much easier to target ‘individual’ users in home working environments as we can and do, by virtue of our home behaviours, relax the security protocols we would normally apply in the office. This is nirvana for cyber criminals.
And it isn’t just the digital risk that worries IT decision-makers. Should company shredders be handed out to all home workers? https://www.bbc.com/news/business-55824139
Communication is key in all respects. Yes, it’s good practice to keep providing the health and safety updates, and great to keep team wellbeing at the forefront of minds, but don’t forget to talk about the small actions that might bring you down overnight.
Think of 20 staff members out of 100 all getting a similar email and no one reporting it. Someone will click on the link and the risk of monetary loss, data theft, infrastructure suspension, financial penalties, damage to reputation and much more is too great.
Ensure workers know exactly what to do in this scenario. Encourage transparent and blameless practical processes.
The senior buck
Now let’s take a look at our Execs, those most inclined to buck the process. You know who you are: you work on less secure networks, particularly when you need something urgently. WiFi networks are a prime channel for hackers looking to access sensitive data. We know this is risky; we’ve heard the warnings time and time again. It is quite simple: you are a primary target for that very reason. Just because no one can see you doesn’t mean that you aren’t vulnerable.
My advice – question the urgency of the data before taking any action. If it is something that can’t wait, then perhaps consider tethering your mobile for a safer transmission of data through the VPN. If routing over 4G, all the better, as it’s encrypted. Avoid public WiFi.
Advice and support
There is a great deal to remember when managing a remote workforce, not least your own behaviours and habits. There is a wealth of information available to you to better understand best practices. Sign up to the National Cyber Security Centre (NCSC) updates at https://www.ncsc.gov.uk/ and work with a partner that knows what they are doing.
If you don’t know where to start because you haven’t got time to understand all the different terminology and risk, we’ve put together a simple cyber threat glossary that helps you get it: Cyber Threat Glossary
We have created a Remote Workers Guide that you can download and refer back to.
We will work with you to start a fresh way of working, support your development of a more long-term change in your operations, or help you enhance what you might have had to throw together at very short notice.