Philip Bridge, President of Ontrack tells us his top 10 tips to working remotely.
These times that we all find ourselves in has led to a need for businesses to offer the option for their employees to work remotely; whether they were ready for it or not. Remote working, whether on an ad hoc basis or in a formal written agreement between an organisation and employee, can leave a business’s IT network and systems vulnerable. Cyber-attacks and data breaches can have serious implications for organisations in terms of downtime, financial implications as well as the reputation of the business. In fact, according to Ponemon’s “Cost of a Data Breach” report, the average cost of a data breach in the UK is now £3.91 million.
Ensuring your organisation has processes and procedures in place for remote work is the safest way to protect from cyber-attacks and data breaches. These are the following guidelines we suggest everyone follows while working remotely:
1) Identify a VPN protocol.
The use of a VPN is essential to ensure the security of your organisation when you are connected to Wi-Fi – whether that’s a public Wi-Fi or personal. Using a secure VPN makes it very difficult for cybercriminals to infiltrate a laptop. It is also essential for organisations to test and ensure they have a strong enough infrastructure to support the majority of their workforce working from home.
2) Keep security up-to-date.
All devices used by employees should be properly protected with antivirus, web filtering, firewalls, and device encryption. These tools should be updated regularly and enforced by the IT department. Personal devices should not be used for specific business-critical activities.
3) Limit the use of public Wi-Fi.
Public Wi-Fi can be easily targeted by cybercriminals. Remote working policy should state that public Wi-Fi (i.e. coffee shops or hotels) shouldn’t be used for any sensitive business activities. This, of course, isn’t something allowed in many countries right now.
4) Beware of phishing emails.
High profile global issues and crises are perfect fodder for hackers. Unfortunately, the use of themes such as the coronavirus for phishing emails or other predatory techniques is prevalent right now.
5) Protect passwords.
All devices should have long passwords with multi-characters, two-step authentication processes, and different passwords for each system and logins.
6) Remain vigilant when outside of an office setting.
Just as people are encouraged to protect their PIN when using a cash machine, employees should protect their passwords when logging into company systems. It is very easy for other people to eavesdrop a conversation or take a discreet photo of sensitive company information.
7) Conduct a risk assessment.
Identify questions for the remote working space, such as: Who has access to the work laptop? Are the device passwords adequate? What are the rules for the transfer of data between the remote working location and the office? And, what is the protocol if the work laptop is lost or damaged?
8) Training and best practice.
All employees should be aware of the best practices of internet usage and the vulnerabilities of email. Refer to company policies for guidance on the types of communications that should and shouldn’t be sent (i.e. do not send logins and passwords).
9) Beware of removable devices.
A USB port is an easy way of introducing malware to an organisation’s network. Whether a personal or work issued USB, sensitive company data shouldn’t be stored on a removable device.
10) Alert your IT department.
If in doubt of any suspicious online activity via emails received, links, or pop-ups, seek expert advice.
Most importantly, ensure that you have mitigation processes in place. If one of your employees experience an accidental data loss, you discover your systems have been compromised by malware, or you uncover a successful ransomware attack, act fast.