It probably comes as no surprise that according to the Office for National Statistics(ONS) the proportion of people hybrid working has risen in 2022. In spring, 27 April to 8 May, when guidance to work from home because of the COVID-19 was no longer in place in Great Britain, 38% of working adults reported having worked from home at some point over the past seven days. Pre-COVID only 12% had worked from home in the past 7 days.
There have been plenty of well documented benefits to WFH including; less commuting time, staff feeling trusted and more valued, better employee engagement and increased productivity, to boot!
With hybrid working here to stay, we want to ensure all our clients enjoy safe remote working. The big question is, when our staff are working from home, how secure is our sometimes sensitive, often confidential business data?
Here CJAZ list the 10 best practices businesses can implement to ensure effective, safe and secure remote working for your team.
1. Develop a cyber security policy for remote workers
As a bare minimum this should include guidelines regarding company owned devices, regular hard-drive backups, working with third-party vendors, no shared accounts, mobile phone security and, where relevant, internet usage best practice.
2. Manage Remote Desktop Access
There are three main ways for your staff to work securely online. Desktop sharing
Remote computer access, such as desktop sharing, connect a remote computer to the host computer from a secondary location outside of the office. This gives the remote workers access to local files on the host computer as if they were physically present in the office.
Virtual Private Network
A virtual private network (VPN) is software that creates a secure connection over the internet by encrypting data. Usually, remote workers will use a remote access VPN client to connect to their organisations VPN gateway to gain access to its internal network, but not without authenticating first.
Direct application access
As the name suggests, this gives access to a singular application. This minimises the chances of cyber attack, however it can be limiting to the remote worker who needs access to many different applications and files that are on the company network.
3. Only use managed devices
If a managed device is not possible, use a brokered connection or a virtual workspace and use network access controls.
4. Frequently update your passwords
Your employees should be updating their passwords every few months. This is even more important when they are working off the corporate network i.e using their own devices.
5. Apply Multi factor authentication for even stronger security
Authenticating the identity of a user is an essential part of access control. To gain access to the network people usually need to login using their username and password. With multi factor authentication, you can increase remote work Security by creating two requirements necessary for login instead of one. Essentially, it creates an added layer of login protection.
6. Keep work and pleasure separate
Avoid mixing work and leisure activities on the same device. Work activities should be confined to work devices and leisure activities to personal devices.
7. Employ the principle of least privilege
An effective way to mitigate security risk is to limit the IT privileges of your employees. Network security privileges usually come in three levels: admin/super users, standard users and guest users. Ensure you issue the right levels to the right roles.
8. Create Employee Cyber Security Training
Your employees present a huge challenge to your network security. In fact, just over one third of all data breaches in 2019 occurred due to a malicious or negligent employee.
Fortunately, we can put this right. Prevent putting your business in danger of cyber-attack by cultivating a security culture through training employees on cyber security best techniques and practices. From being aware of physical security threats like shoulder surfing and safe internet protocols to social engineering attacks. We’ll be discussing this topic in more details in our October blog…
9. Have a backup strategy and follow it
If a Ransomware attack did get through, your files could be gone in an instant. Make sure your backup plans coverall servers and workstations.
10. Educate your employees
Make sure all your employees know how to spot and stop common attacks (like phishing). Due to the current climate, you may need to send out additional training or refreshers to help your workforce recognise potential threats.
Are you concerned about your remote workers and cyber security?
Employing only one of the above security measures will not be enough to stop a cyber-attack. Each security measure, in isolation will not guarantee secure remote work. However, when used in tandem, multiple layers of security, create a compounding security blanket for your precious confidential, business data.
CJAZ are here to help.
Our experienced network and cyber security specialists can help you build the appropriate level of defense your business needs to fend off cyber-attack. So whether your security policy needs updating, or you’re thinking about rolling out Employee Security Training, please call 020 3950 0360 or email Nick on nick@cjaz.co.uk who will assess your current setup and create a planned approach for you to keep your remote workers safe, secure and working effectively.