Cyber security when your staff are working from home

At the end of October, London’s Hackney Council became the victim of a hack attack. Due to this breakdown in cyber security, many residents were left locked out of essential services and payment portals, many working from home during the pandemic. While the UK National Cyber Security Centre (NCSC) is working to investigate this incident, the experts have their hands full, as the reliance on internet connections has increased our vulnerability to security breaches.

Every small‐ or medium‐sized enterprise (SME) is working hard to pivot its business model to work in the time of Covid‐19 and the demands of social distancing. With teams working from home and over the internet, the vulnerability of companies to external attack is higher.

Unfortunately, hackers don’t care that there is a pandemic. Rather than see a national crisis, they see this as an opportunity. Forever creative, these sophisticated computer users are developing new malware, phishing mechanisms, and spoofing. Indeed, when we are all feeling vulnerable and desperately in need of positives, we are even more likely to succumb to the methods they use.

It is therefore vital to consider the security policies in your business as we continue to work through 2020 and into 2021. Here are some hints that could help prevent an attack on your company.

While your team are working from home, they are using their devices. While you could issue company technology, most staff would want to work using what they know. It is acceptable for workers to use their laptops or desktops as long as you have a BYOD policy (Bring Your Own Device Policy) that lays out the robust technical controls you expect so that your company data is protected.

If you already had a strong IT policy in place pre‐pandemic, then it is likely the transition to WFH was an easy transition to make. However, if you have to help set your team up with the appropriate resources, you probably saw your progress stall for a time.

Cloud technology makes working from home possible. All your company resources are accessible remotely. Cloud technologies are now impressively secure, especially if you insist on a two‐step authentication (2FA) for all your employees.

The use of cloud technology can be made more secure if you limit your team to using one device with the cloud. Strong location controls should then help prevent incursions into your data through a remote attack. Cyber attacks, more often than not, originate from a different country. Therefore, robust geographical controls can limit your vulnerability to attack.

Remember to layout in your policy that this one device used for work should be protected by the employee. Consequently, you should be confident that the device is not also used by a child or by someone who may inadvertently download malware via an app.

You can place boundaries around your data not only by limiting the number of devices but also by restricting opening hours. You may only want your data accessible on the internet remotely during working hours.

If your team think that these measures are over the top, remind them that data is now a commodity. Your intellectual property is held within this cloud resource. Consequently, you need to protect it like it is money in your bank account.

Finally, invest in appropriate cybersecurity. The cost of a significant breach is more than just financial. You will be expected to tell all those customers whose details you hold on your system. Therefore, the damage to your reputation will be more significant and could even jeopardise the potential of future projects.

Setting aside a budget for the right protection for your employee’s devices can offer a substantial return on your investment, both in the short and long term.