16 March 2020
How to keep your company’s data and network secure whilst working from home
More and more staff will be working from home during the coronavirus outbreak. However, this is likely to put them at risk of being hacked. They could be accessing sensitive company data, using weak computer security settings. Hackers can easily take advantage of this to get inside the company network and steal that data and more.
Remote working should not be challenging. Accessing the internet is easy enough. Cloud office suites and SaaS (software as a service) applications enable a seamless move from office to home. However, most organisations will not have supported quite so many staff working remotely, and employees themselves may be a little rusty in observing the protocols when working from home.
What staff need to do
For staff the rules are simple. The key is that cyber criminals rely on your feelings of safety in your own home:
- Passwords do matter: Strengthen the passwords you use. Particularly those to log on to email or work applications. They should be at least 12 characters long, including a mix of numbers, symbols and upper and lower-case letters.
- Be alert to phishing: If you receive an email with an unusual request, check the sender’s details carefully. If you are still unsure, don’t respond in any way. Do not click on unknown or suspicious links. Unexpected emails about coronavirus are likely to be malicious!
- Secure your device: If you use a company laptop for personal items, this can create a security risk. The risk is even greater if you use your personal computer for work. If you do, take advice about uploading a strong anti-virus and security package.
- Check the safety of your wi-fi: Unsecured wi-fi networks are easy for cyber criminals to crack. Protect your home network with a strong password. If possible, use a VPN (Virtual Private Network) connection, which encrypts data travelling between your computer and the company network. Do not connect to unsecured public networks – particularly in hotels and coffee bars.
What companies need to do
For companies the rules are also simple. They just need a little forethought:
- Trust no-one: Set up your remote access system on the principle that everything must be verified. Use multi-factor authentication (password plus). Encrypt links using VPN or, better still, SDP (software-defined perimeter) which enables one-to-one authenticated connections between the user and the resource they are accessing.
- Classify your data: Identify, label and lock-in your sensitive data, ensuring that only appropriately authorised staff can access it.
- Group your staff: Be clear who has access to what information. Ensure that levels of access correlate with levels of data sensitivity, and can be authenticated.
- Check every endpoint: Be certain you can identify the non-office devices you allow onto the system and that they have the right level of security. Devise an action plan to handle any cyber threats from data leakage to attacks from devices on the system.
- Stress-test your system: Ensure it can handle the volume of traffic as your staff increasingly work from home.
James Groves, Commercial Division Assistant Manager comments,
“These practical security principles will help companies protect their data and networks against hackers at both ends of the connection. A robust cyber insurance policy can give your business further peace of mind. Centor also offers an e-learning platform, designed to develop your employees’ understanding of cyber risk and equipping them with the knowledge to spot these threats and avoid them.”
For more information, get in touch with:
020 7330 8707
For more information on Cyber Awareness Training, click here.