Safer business Now we’re all working from home, we need to become more cybersecurity aware COVID-19 has caused an overnight remote working revolution, bringing with it new cyber-challenges for IT teams. Here’s how to help homeworkers stay cyber-safe.
Author Lee Rendell Art byNeringa Šidlauskaitė Published on Apr 15, 2020 minute read Share article Show more Show less Art byNeringa Šidlauskaitė Share article Show more Show less COVID-19 has triggered a worldwide work-from-home situation for pretty much everyone that can do it in 2020. Although the virus is impacting nearly every aspect of our lives, there may be a silver lining: remote working can benefit businesses and the planet. Remote working has been steadily growing in popularity over the last few years, and for good reasons. A Stanford University study found that employees were, on average, 13 percent more productive at home as opposed to in the office. And there are operational benefits too. Organizations with flexible work-from-home schedules tend to spend less on running large offices or scale down their office space. Throw in the fact that you’re sparing the planet your employees’ commute (dolphins returning to Venice canals is an extreme but excellent example), and it’s a no-brainer. I’m not advocating a constant work-from-home situation – innovation thrives with face time with others – but if COVID-19 teaches us anything, it’s that remote working could benefit business and the planet. Remote working increases cybersecurity risks Remote working is a massive change in the way people work, and if handled without preparation, there are some serious cybersecurity risks. Most will be down to the way your employees work. A 2019 report by Kaspersky found that 72 percent of employees in smaller businesses store documents that have personally identifiable data. And in a 2019 report on the cost of cyber-breaches, 52 percent of enterprises reported that breaches happen after employees’ inappropriate IT use. Changing behavior is your biggest cybersecurity challenge Employees feel removed from the corporate gaze when they’re at home, which can aid productivity. But it also means they may not be as conscious of following security best practices, and IT staff aren’t on hand to give quick-fire advice. Nine times out of ten, your employees will work using a corporate device (if you’ve provided it) but they may use it for personal stuff, like online shopping. Hackers are smart; they anticipate these changes and are always seeking new ways to exploit your business. With so many people at home 24/7 and shopping online, we see a big spike in online phishing attacks. Hackers are embedding traps by setting up fake sites emulating big-name online supermarkets. We see an increase in situation-sensitive phishing attacks, like COVID-19 advice emails from hackers pretending to be healthcare organizations. Once users click on these, especially if they’re connected to your corporate VPN, hackers can get access to your network, which could place your entire corporate data at risk. Everyone working from home concurrently also throws up new challenges for how IT teams can best support users. Usually, in an office, an employee might go to the IT team and say, “My computer is running slow, can you help?” The IT support desk fixes the issue promptly, and then all is well. When they’re at home, they may just live with it, particularly when IT managers are overloaded with new requests from novice homeworkers. What happens when there’s an immediate issue? Many IT teams don’t have the experience or tools to investigate remote cyberattacks and cure them instantly. So the focus right now is to increase our efforts to stop these attacks before they happen. But how? Teach your teams to become cyber-aware Training is crucial to help your teams to become cyber-aware. Plan a program of learning, with a mix of online learning, classroom (virtual or real-world) and regular advice by email. You could test whether people can spot a phishing attack by setting up a fake phishing email. To start, try this free 30-minute adaptive learning course by Kaspersky and Area9 Lyceum for those who are new to remote working to help them work safely from home with lessons about choosing strong passwords, the importance of endpoint protection and regular software updates. Education is vital, and right now, clear communication is crucial. Employees need to know what’s acceptable to do on corporate devices, rather than simply what they shouldn’t do. With weekly calls or online chats, you can talk to users about what they’re seeing, advise them on best practice and answer their questions. This gets them comfortable talking to the experts, so if something happens, you can respond quicker. Build a culture of trust Unfortunately, in many larger organizations, there isn’t a culture of transparency between employees and IT on cyber matters. When people make mistakes, they’re either unaware of what they’ve done or are scared they’ll lose their job, so they may not formally report a data breach incident that ends up damaging the company. You need to build a culture of trust and transparency between employees and the IT team. Open communication is critical. Advise against casual browsing on work devices Casual browsing may lead to compromised network security, so make sure employees know this and encourage them to do personal things – like shopping, social media or reading news – on their own devices. Patch employees’ machines If your employees’ devices aren’t completely patched and up-to-date, the chances increase of hackers finding a vulnerability in your system. Remotely access their machine to patch or help them do it themselves over the phone. Even better, install an automated patching solution. Ask people to change default passwords on home routers Most home routers use a default password, which hackers can find and then get into the back end of the home network. Few people bother to change it because it’s a somewhat tricky process, but it will drastically improve employees’ cyber-defenses. Show them how they can do it. Cybersecurity in the age of remote working After COVID-19 restrictions are over, and organizations see how well their staff have handled working from home, it will change the way we work forever. I think employers or governments are likely to implement a one-day-a-week remote working policy. With that in mind, you need to know the cyber-risks of remote working, how you can prepare your teams, and encourage a culture of collaboration and transparency. If you’re thinking about extending remote working beyond COVID-19, get the right cybersecurity training program and products in place to keep your teams and business safe.