Many businesses across many industries found it difficult to remain resilient under the financial pressures of the pandemic, which is now coming to an end as life goes back to normal. Restarting your business face to face should therefore come with cyber security in mind.
What are the risks?
Whether you continue working from home or go back to your workplace, there are cyber security risks that a company and its employees can encounter. Employees can make simple mistakes at the workplace, such as receiving or clicking on an email or attachment that has a cyber theft purpose, so there is always a risk that company information will be accessed and used by a cyber thief.
There is also a risk that a company may not be able to establish secure mobile working, and employees using remote access make the company vulnerable to some risks:
Loss or Theft
Devices that are portable such as laptops, tablets and mobile phones are particularly at risk of being stolen, which means any information stored or accessible through these devices would be at risk. Viewing any company information outside of the office means anyone can walk by and see confidential information, which is definitely a cyber security risk.
Loss of Credentials
If user details such as a username or password are lost or stolen, an attacker could use them to gain access to the information stored on company devices or drives.
If any device is left unattended outside of an office setting, there is a risk of malicious software or hardware being installed. This would allow the hacker to monitor all activity on the device and learn login details and passwords.
How Can You Minimise Risks?
It’s important to assess all the cyber security risks associated with working from home and mobile working. This will be an important factor in creating a mobile security policy that effectively minimises the risk of a cyber security breach. The policy should cover: processes for authorising users to work off site, device provisioning and support, what type of information is allowed to be accessed remotely, and the minimum security procedures that should be adhered to. There should also be an increased level of monitoring on any remote connections and the systems being accessed.
All staff who are working remotely should be educated and trained on the use of mobile devices in the locations that they will be working in. The company should support staff in looking after their mobile device and working securely by helping them follow the procedures that have been laid out. Support should be given on:
- secure storage and management of user credentials
- incident reporting
- Environmental awareness (the risks from being overlooked, etc.)
Protect Your Data ‘at Rest’
Good cyber security practice is to minimise the amount of information stored on any mobile device. This means only storing information that is completely essential for the employee to fulfil their role outside of the office environment. If at all possible, encrypt any data stored on a mobile device.
Protect Your Data on the Move
Any time an employee is working from home, the connection back to the business network will be over the internet, so all data that is exchanged should be appropriately encrypted.
Create or Review Your Corporate Incident Plan
Working from home definitely increases risks, and even if you follow the most secure cyber security plan, there will still be security incidents. An incident management plan needs to be flexible in order to deal with the range of cyber security incidents that could occur. The most effective way of managing a breach is to be able to remotely disable any device that has been lost or stolen, or at least sever any connection to the corporate network.
Investing in the Best Technology
Even before the global pandemic, working from home was becoming more and more commonplace, so PC manufacturers, such as HP, have been introducing helpful features in their products. For example, the new ZBook Firefly laptop comes with a built-in privacy screen called HP SureView. This display reduces up to 95% of visible light when viewed at an angle, which protects your company data against visual hacking.
Another security feature that HP provides is HP Sure Start, which is self-healing BIOS protection. In the event of a malware attack on the BIOS, HP Sure Start automatically detects the change, notifies the user and IT, and restores the most recent good version of the BIOS. With HP Sure Start your devices will be ‘self-healing’ and constantly monitoring for threats. This provides you and your employees working from home peace of mind that they are working securely.
Within the ZBook range there is also a technology called HP Tamper Lock, which detects and alerts users if their PC chassis has been physically opened or tampered with, meaning that if you have left your mobile device unsupervised, you can be confident it has remained secure.
Working from Home Tips
To ensure effective working you need to think about the practical considerations; you may require what are now basic services, such as Microsoft Teams, Zoom, or Skype, to enable teams to continue working together.
Virtual Private Networks (VPNs) are a secure way for users to access the company's IT resources, such as email and file services. A VPN creates an encrypted network connection, authenticates the user and device, and encrypts data that is in transit between the user and the services they are accessing. It’s important that your VPN is fully patched; you may also require additional licenses, capacity and bandwidth.
Supporting staff with their devices
Whether your staff are using their own or company-owned devices, they are all at risk of being lost or stolen. Staff will need to be encouraged to lock their screens when the device is left unattended, especially if there are other people living in the house with them, such as children or roommates. When not in use, the device should be kept somewhere safe, such as a locked drawer or safe.
It’s important that your staff know who to report to if their device is lost or stolen, and that this can be done in a blame-free and friendly way. This will stop staff trying to hide any damage to or loss of their device, and early reporting of any issues will help minimise the risk to data. Staff need to know the importance of keeping their devices and software up to date and safe, to minimise the risk to company security.
USB drives are often used to hold lots of sensitive data; however, they are easily lost and can be used to introduce malware when inserted into your device. If USBs are used by multiple people, it can become hard to keep track of what is on them, where they have been and who has used them. Best practice when it comes to USB use involves:
- Safely disabling any removable media using MDM settings
- Using appropriate antivirus tools
- Not allowing workers to use personal removable media
- Encrypting any data on removable media
There may be safer ways for your workers to transfer files, such as using corporate storage or collaboration tools, instead of using USBs.
Identifying Email Scams Related to Coronavirus
Now that the majority of the population has been vaccinated, it is important not to forget about the vaccine scams related to coronavirus. As often happens when a new threat emerges, whether it be medical, financial or technological, there are people who will take advantage and try to use it to gain access to your information. Most often these come in the form of ‘phishing’ emails, which are used to try to trick people into clicking on a bad link. Once clicked, you are taken to an unsafe website which could download malware onto your device, or even steal your passwords. Vaccine-related scams include requests to pay for a dose, to speed up your vaccine appointment, or to get on the waiting list for an appointment.
Despite lockdown restrictions being lifted, video conferencing will continue to have an impact on all industries, and therefore the company must be using a secure video conferencing service. Many services have additional paid options which might offer more security and privacy features; you may want to consider paying for these.
Some services offer end-to-end encryption, which means all data is encrypted in transit and can only be read by participants of the call. This encryption will include any instant messaging and screen sharing that are offered with the service.
You want to be able to control who joins and who organises the meetings; this helps protect any confidential discussions in the meeting and stops anyone not invited from interrupting. It’s common security practice for employees to join meetings that are arranged in advance, and to access them by clicking a link or entering a unique code.
Cyber Security FAQs
Cyber Security is generally the application of technology, methods, and policies to safeguard systems, networks, programmes, devices, and data from all cyber threats.
Besides problem-solving skills and attention to detail, technical skills, such as troubleshooting and maintaining security systems, are the most required in solving cyber security issues.
Even though it doesn’t require a high level of maths to be an expert, it is still one of the hardest responsibilities, particularly if responsible for everyone in the business.
Cloud Security – securing cloud data storage
Network Security – focusing on the internal network between business employees and securing it against all threats.
Application Security – securing all the data on a specific application.