Manage wfh cybersecurity risks

One of the few positives to come out of the COVID-19 pandemic is the rise in the number of companies offering their teams working from home as an option.

Remote working has been shown to increase employee happiness and loyalty, reduce stress, and even increase productivity. It was already on the rise pre-pandemic. Now it looks like it’s here to stay.

Yet for all its benefits, working from home comes with cybersecurity risks that need to be managed. If you have a growing business and a remote workforce, here are the most important things to watch out for.

Remote working cybersecurity risks

1) Use of personal devices for work

Many businesses had to scramble to enable their teams to work from home when the pandemic first hit. This often meant allowing work from personal devices until business options could be organised.

This approach was always risky. Personal devices don’t have the same reliable or uniform cybersecurity protections in place that a properly managed work device would.

Now that the initial panic is long over, any processes like this need to be quickly re-examined if you don’t want to leave your business vulnerable to a costly data breach.

2) Unsecure home networks

Perhaps the biggest cybersecurity threat when working from home is the use of a home network that doesn’t have up-to-date security.

For instance, your company’s office network should have a firewall that monitors and automatically block suspicious traffic. There’s no telling whether an individual employee’s home network has a working firewall or the last time they updated it.

3) Rise in phishing and ransomware attacks

The huge growth in numbers of people working from home hasn’t gone unnoticed by cybercriminals. The tactics they use to target employees have gotten more sophisticated too.

It’s not just number crunching and password breaking, though these are still serious risks if you don’t have the right processes in place. It’s now a lot more about social engineering techniques.

The scams that are currently the most effective are ransomware and phishing attacks. The latter, in particular, relies on poor employee training or clever penetration of your system to spoof legitimate-looking requests for information or payment.

4) No MFA and weak passwords

Another casualty of the rushed approaches to remote working many businesses had to adopt during the pandemic is poor password and authentication processes. This is all the more important in an age of more sophisticated cybercriminals.

Because even if you have the best firewall and VPN, an employee who uses their dog’s name and a number for a password is leaving your system wide open.

Plus, you’ll almost certainly have noticed that more of the services you use every day are requesting that you receive a security code by text. That’s because this is a kind of MFA (Multi-Factor Authentication) that is almost impossible for hackers to penetrate – and certainly something every business should look into.

5) File sharing without encryption

When everyone is on your office network, sharing files isn’t a problem. But when files – things like financial information, customer data, and more – are sent between different locations, encryption certainly needs to be something you consider.

Tools like Google Workspace and Microsoft 365 have advanced security features built-in. But that doesn’t mean you can rely on them alone to make everything secure.

File sharing encryption is another cybersecurity risk of working from home that can be managed. But it does require you to be aware that it’s a problem and take measures to deal with it.

How to manage remote working cybersecurity threats

None of this is to say that remote working is too risky to be allowed. Far from it. Businesses are seeing serious improvements in staff happiness, loyalty, and performance by allowing their teams to work from home at least some of the time.

But if you want to implement remote working safely from a cybersecurity risk standpoint, you need to engage with your IT team or Managed Service Provider to get processes put in place.

Need to ensure your remote working practices are cybersecurity safe?

Let’s talk. Dial A Geek is a Bristol-based cybersecurity expert working with businesses across the UK.

Set up a cost and commitment-free consultation with Chief Geek Gildas Jones today. Let’s talk your current set-up through.

ALL ARTICLES