You need to start taking WFH security seriously. Here’s how

Just a few months ago, having WFH in your work calendar was a perk that carried a stigma. Many battled the perception that they were less productive out of the office and felt pressured to be more responsive to emails. When others approached their manager to request the same privilege, they were told, "If I do it for you, I'm going to have to do it for everybody."

Cloud storage, video conferencing, and a long list of tools for teams working from home have been around for several years. But it was the COVID-19 pandemic that will be credited as the digital accelerant for remote working worldwide. Modern organizations are now looking to improve their business continuity plans and adapt to the new digital landscape.

A global community of remote workers who have stepped away from the preventive security controls in the office is making teams vulnerable to an increasing range of online threats. When the Daily Mail journalists were willingly hacked by the CyberNews team, they were understandably alarmed by the results. But this ethical hacking experiment should act as a wake-up call to every business. Here are a few ways that remote workers can keep themselves and company data secure.

Data protection tips when working from home

When working from your own devices and a home broadband connection, it's easy to forget about corporate data policies. The temptation of taking shortcuts via your personal Gmail address, Dropbox account, or video conferencing app could put sensitive data at risk. There are many reasons why you should separate both of these worlds.

When mixing business with pleasure on a home device, you run the risk of accidentally keeping hold of company data for longer than you should. 

The General Data Protection Regulation and the Payment Card Industry Data Security Standard are just a few areas of data protection legislation that require you to be educated about your responsibilities and to be given secure technology to work with.

Ideally, any device or printouts should be locked away out of sight at the end of the working day. It's easy to let your guard down when working from the safety of your home. But a document left near a window in your home office or thrown in the trash could compromise data security. Increasing your awareness and vigilance will go a long way to avoiding a data breach.

Avoid unsecured Wi-Fi networks

Remote working often involves breaking free from the four walls of your home. Working from train stations or cafes, or transforming the local Starbucks into a 'Coffice', can involve hopping on a public Wi-Fi network. However, these public spaces can also be prime spots for malicious actors to spy on internet traffic and hoover up confidential information from unwitting users.

It becomes especially dangerous when using personal devices that don't have the luxury of antivirus software, firewalls, and online backup tools. When you let your guard down, you create a perfect entry point for hackers to steal data or monitor your internet traffic. Worse still, it can also make you an easy target for malware and a long list of other malicious attacks.

Where possible, only connect to secured public networks.

But always try to avoid accessing bank accounts or anything that contains sensitive personal data if you dare to hit ‘Connect’ on unsecured networks. Most importantly of all, remember to turn off automatic connectivity when traveling to unfamiliar places.

Get streetwise about phishing emails

Phishing scams are launched with the intent of stealing your personal information or gaining access to your account. Most people reading this would have received a suspicious-looking email claiming to be from Microsoft, PayPal, or Amazon. Human emotions such as fear, curiosity, and greed are often used as tools to create a sense of urgency to click on a link or download an infected attachment.

However, socially engineered attacks are becoming much more sophisticated. While businesses have traditionally focused on securing software and hardware, employees are connected to email and social media platforms. Attackers can obtain location updates and imitate senior managers on LinkedIn. They can also acquire the email domain from the business website's Contact Us page.

Publicly available information enables attackers to send an email that looks like it's from a CEO who is away on business.

These simple tricks would allow hackers to pressure a finance manager to approve an urgent invoice or download malware. Extra vigilance and getting streetwise when working from home is crucial.

Your corporate VPN is not as safe as you thought

Many businesses will insist that their remote working employees use a Virtual Private Network (VPN) when connecting to a corporate network. However, this approach can also provide everyone involved with a false sense of security and privacy. Many will fall into the trap of not identifying vulnerabilities or applying security patches. Hackers know this and will be scanning for a weak point of entry.

Credentials and authentication methods will also prove useless if employees use the same easy-to-guess passwords or hand them to hackers in a phishing attack. Every business now needs a security framework that can provide support by ensuring that people, data, and infrastructure are always kept safe.

Be careful what you reveal on video conference calls

When watching an interview with a celebrity or politician on the nightly news, we often pay more attention to the aesthetically pleasing collections of books or DVDs on the shelves behind them. The same curiosity creates security risks for home workers if there are sticky notes with login credentials stuck on a fridge or noticeboard behind them.

Thankfully, there is a wide range of virtual backgrounds for Zoom users, and Microsoft Teams also has a blur my background feature. According to S&P Global Market Intelligence, nearly 80% of organizations surveyed said they have implemented or expanded their universal work-from-home policies due to COVID-19. We all need to think a little smarter about what we reveal online, whether in an email, phone call, or video call.

GDPR has a maximum fine of £18m or 4% of a company's annual global turnover. Every business in Europe must have the ability to prove they have taken reasonable steps to prevent data breaches from happening. Arming employees with greater awareness of the importance of IT and physical security is critical when working from home at scale.

Multi-factor authentication, data encryption, security patches, regularly updated passwords, and a robust backup strategy will all play a part in securely enabling a long-term remote workforce.

As businesses and their employees become more streetwise online, the zero-trust principle of "never trust, always verify" will enter the spotlight. 

On the other hand, the good news is that the rewards of agility, business continuity, and flexibility await on the horizon for those who take WFH security seriously. So, what are you waiting for?


prefix 3 years ago
Great reminder of the common security practice which is even more important as we change our ways of working. This is the new norm.

Thanks Neil, a very easy to read and very timely reminder of cyber security at home.