Cybersecurity Protection Within the Work From Home Model
Many people have been forced to rapidly adopt the work from home (WFH) model. With the benefit of modern technologies, for many this transition has been relatively straightforward.
Video conferencing tools, collaboration platforms like Slack, and real time shared document suites like Google Docs mean that for some positions, people can continue doing nearly everything at home that was possible from the office.
But just because you’re using similar technologies from home that you use day to day in the office, doesn’t mean that the home and office technology landscape is the same. Especially when it comes to cybersecurity.
A different world
When working from home, the cybersecurity risk profile is a whole new world. Most office based businesses operate within carefully crafted IT systems. All staff work under common IT infrastructure and security risks are generally known and relatively straightforward to manage.
But when staff are fragmented and working from home or from remote locations, they could be using any number of permutations of hardware and internet access setups. Some may be using the latest laptops with secure modems and internet access protected by VPNs. Others may be using decade old desktops and unsecured, cheap modems that are also used by any number of other family members.
Creating a secure WFH strategy
To help you reduce security risks that you or your staff may be exposed to while working from home, here are five steps you can take to ensure the cybersecurity of your organisation is protected.
1. Use strong passwords
Passwords may be overused and seen as vulnerable to hacks but at the end of the day, they are still your first line of defence. Put in place protocols that ensure all staff use strong and unique passphrases on all portable devices including mobile phones, laptops, and tablets.
The policy should ensure staff use a different password for network access and any other apps they use and that these passwords are changed on a regular basis. Using a single username and password for multiple accounts is not a good system as it means that if one account is compromised then all accounts are at risk.
2. Use multi-factor authentication
One of the most effective cybersecurity measures you can use to ensure only authorised people can access networks, applications, and online services is multi-factor authentication.
By requiring two or more layers of authorisation, for example via a smartphone app generated PIN, a code provided from a security key or fob, or an email code, it makes your systems significantly more secure. This is because even if passwords are hacked or leaked, a cybercriminal still requires a second and usually much harder to obtain code to gain access.
3. Be aware of scams
To cybercriminals, the COVID-19 pandemic is viewed as a major opportunity. Whenever major events occur or major changes to business practices take place, it presents greater opportunities to expose vulnerabilities or catch off guard people who are focused on other concerns.
Ensure all staff are aware that they may be targeted by scams in the form of emails, attachments, instant messages, or phone calls. Do not open messages from unknown senders and be wary of any requests for personal or business information.
4. Update software and operating systems
Operating system and software updates are a vital part of securing systems because they are developed to address known security issues. The sooner you install them the less likely you are to present known vulnerabilities to hackers. Updates additionally include the latest security features that protect data and devices. Also be sure to keep your antivirus software up to date and allow regular antivirus scans to be carried out.
5. Use a VPN
Virtual Private Networks (VPNs) are a great way to securely connect portable devices to networks and secure internet access. VPNs allow users to hide their IP address as well as location. By encrypting information they also help secure personal and organisational data.
Make security a priority
At the end of the day, working from home doesn’t have to mean that you or your colleagues are less secure than working from the office. But it does take some careful consideration of increased risks and planning and policies to be put in place to secure devices and access procedures.
Some other small but important actions such as only using trusted Wi-Fi networks (such as home networks rather than free public Wi-Fi), and securing all devices so only one person has access to hardware being used to work from home may seem simple but go a long way to ensuring the cybersecurity of entire organisations. For more information on how you can better protect the cybersecurity of your business, contact the experts at FinXL.