In recent years, businesses have employed more flexible, agile models to suit employees' changing needs. As a result, working from home is now far more popular than it used to be. With technology constantly evolving to make online systems more easily accessible, employees now have greater freedom to work away from the office, making traditional 9-5 office roles less common.
Throw a global pandemic in to the mix and working remotely becomes a necessity rather than just a trend – established now as the new norm.
Companies have been recognising the benefits of remote working to both their businesses and to their employees for some time. Increased productivity, improved work-life balance and reduced costs are just a few of the mutual advantages to both employees and employers. But what about the disadvantages?
Technological risks are one such disadvantage that can often be overlooked. Some of these include: reduced Wi-Fi security, infected personal devices, lack of IT support, use of personal devices and of public Wi-Fi or hotspots, vulnerable desktop software, and email scams. We take a quick look at some of these risks below.
What are the risks?
Using personal devices
The global pandemic has had a damaging effect on many businesses, with many experiencing a crippling reduction in income. As a result, companies can often fall foul of relying on their employees to use their own devices for the purpose of working and using company data. With very little company-controlled restrictions, this can lead to increased exposure to risks.
Reduced Wi-Fi security
The Wi-Fi security in any given household could easily be deemed 'vulnerable' in any network system when using it to operate a business, exposing the business to hackers. Other devices within the household such as gaming consoles, tablets or phones that all link in to the Wi-Fi and transfer data also remain at risk.
Infected personal devices
If a company has not provided adequate security on a device used by an employee, they run the increased risk of malware infections on the company's system. Other devices used for personal reasons such as online shopping, banking etc., may also have very little security, allowing malware infections to spread more easily and cause corruption of data.
Lack of IT support
Working from home can often make it challenging to get support for IT problems. EDue to the increased calls to IT teams from workers at home, mployees can often spend a lot of time trying to get in touch with the IT team or getting in touch with the right team or person.
Sharing household devices
Household devices are often shared with partners and children, which, without the correct restrictions in place, can leave a business vulnerable to potential attacks.
Public Wi-Fi
Pandemic aside, employees that are often on the move and travelling during the working week will often use public Wi-Fi in places such as coffee shops or train stations to catch up on work. This poses a number of risks to both the individual and the company, leaving them exposed to hacking attempts.
How can you minimise your risks?
For every business, working out of office will always present an element of risk, but this can be minimised and managed with a few simple steps:
Secure your home office/router
Take steps to secure the home office at the end of each day to ensure that devices and confidential information is stored away safely. Consider changing the password to the router on a regular basis to increase security.
Separate work and personal devices
It is not always possible to know immediately if a device has been compromised, so it is best to use separate devices for work and personal use to keep information secure.
Adopt two-factor authentication
Two-factor authentication is a login method where access is granted only after users successfully present two pieces of evidence to an authentication mechanism. Two-factor authentication can dramatically reduce the risk of successful phishing emails and malware infections because even if the attacker is able to get your password, they are unable to login because they do not have the second piece of evidence. To successfully login, they would need access to whatever is generating your one-time code, which should be an authenticator app or security key.
Use a strong PIN/password
While this is an obvious solution, it is not always adopted in a proactive manner. The use of strong, frequently-changed passwords can help prevent unauthorised access. It is important to avoid repeated numbers and lettering, or personal information such as birth dates or registration plates. Given the sharp rise in our collective online activity, we now each require a lot of passwords. It is important to ensure that each password is unique and completely different to any others that are in use.
Enable automatic locking
We all know that if we walk away from our devices at home, in a co-working space, or a coffee shop, we should lock them. The issue is, we often forget. When we do, automatic locking is there to protect our unattended devices. Make sure to configure an amount of time that, while convenient, is not unreasonably long – 30 seconds for mobile devices and five minutes for laptops, for example. Automatic locking is enabled by default on most modern devices.
Use a virtual private network (VPN)
A VPN extends a private network across a public network, enabling you to send and receive data across shared or public networks as if you are directly connected to the private network. This works by establishing a secure and encrypted connection to the network over the internet and routing your traffic through that. This keeps you secure on public hotspots and allows for remote access to secure computing assets.
VPNs can reduce the risk of certain cyber-attacks, as they make it difficult to snoop on your traffic and intercept what you are doing. They can also prevent websites from knowing your real location, or your internet provider from monitoring your activity.
Train employees on the importance of cyber security
Businesses should make it a priority to teach employees how to recognise threatening email methods such as phishing, spear phishing and whaling attacks. They should train employees in the importance of avoiding malicious email attachments and other email-based scams and what these can look like. Encourage employees to use operations security on their social media accounts and public profiles to help prevent cyber-attacks.
In this article, we have focused on the basic approaches that both employees and companies can adopt to increase their security while allowing for flexible working. While some of these methods may appear obvious, not all companies follow these procedures and thus continue to be exposed. The question is, how protected is your business from such exposures?
Lockton's experienced cyber team can provide tailored solutions to cyber liability according to the specific risks your company is exposed to. Please do get in touch with us if you are concerned about the risks to your business.