Date posted: 11 April 2022 – Category: Cabling Services
Over the past two years, remote work has evolved from a trend talked about by many but tried by few into the only way to work. For some, the arrangement has worked so well that there’s no going back. Big tech firms like Google and small businesses alike plan to adopt a hybrid schedule, with employees dividing their week between home and the office. Some, like HSBC, plan to move thousands to permanent remote work.
This mass movement away from the office brings a myriad of benefits for business, like cost savings in rent and improved morale. But the speed of the switch has ripped considerable tears in cybersecurity. Nearly half of businesses have reported an increase in cyberattacks over the past 12 months.
Home networks aren’t set up to offer the level of security of your average office network. But that doesn’t mean businesses are out of options. As employees shift to permanent remote working arrangements, the IT sector is also scrambling to find ways to extend their security perimeter past the office.
Here are a few practices you can implement today to improve the cybersecurity of your home office.
In the office, people are usually on high alert for suspicious emails. Awareness training and regular mock tests have made workers especially cautious.
Comfortably sat at home and inundated with news they would otherwise ignore at the office, work from home employees are particularly vulnerable to phishing. Indeed, cybercriminals have used the uncertainty and fatigue of the last two years to exploit the unwitting, with phishing attempts spiking by a staggering 667 percent during the height of the pandemic.
Attacks are coming from angles that employees would normally be insulated from at work. For instance, some bad actors have set up fake ecommerce sites to take advantage of the fact that many have flocked to online shopping for their essentials. Organisations need to retrain employees and reiterate what shouldn’t be done on corporate devices, or what to look out for when using their own personal devices for work.
Typically, you can trust your IT team to run a tight ship by keeping hardware and software patched and regularly updated. But their reach has only ever needed to extend up to corporate devices.
Beyond that perimeter, plenty of personal devices are woefully unprotected which is a major obstacle to BYOD working. Around 42 percent of Internet users in the UK have no antivirus software installed. Half don’t download important upgrades when prompted, leaving them vulnerable.
Businesses need to help remote workers get their security up to speed. Ensure everyone’s equipment gets patched and installed with corporate approved antivirus software. Set up calls to walk them through the process if you have to; remember that some employees will be working through updates of this scale for the first time on their own.
Amazon and Google are just some of the largest companies whose thousands of employees won’t be spending five days at the office anymore. Many are following suit, with around two-thirds offering some type of flexible arrangement, according to a survey from the British Chambers of Commerce.
This presents a new cybersecurity conundrum: how do you control for safety when employees are regularly switching from corporate to personal devices? Crown Jewel Insurance founder Mary Guzman advises a strict vetting process. In the absence of one, Guzman believes “personal devices should not be allowed back in the office”.
However, it’s extremely hard to control when employees drop in and out of work apps on unauthorised devices. IT experts estimate that they’re blind to about 40 percent of the devices that access their network.
You won’t be able to completely stop employees from hopping onto work using devices you’re not aware of. However, you can minimise risk through relatively basic good practices.
One of them’s reminding employees to physically secure devices used for work. You can’t tell when a family member or housemate might unwittingly put your data at risk by sharing it or deleting files. And while it seems like common sense to log out of work apps after work, 88 percent actually don’t disable access when they’re not using the computer.
The security of home WiFi networks themselves need to be reevaluated, especially for staff who will be permanently on remote work. Companies will need to catalogue router configurations and teach employees how to shore up their defences by changing default network names and using stronger passwords.
The Zero Trust Model is a security approach that has risen in response to vulnerabilities created by the free movement of users and devices in an organisation’s internal network. Under Zero Trust, every machine or end user is suspect until proven otherwise.
Setting up the architecture sounds about as tricky as it sounds. Amending your company’s security policy and rolling out changes across the organisation takes months of planning.
Yet the pandemic has left businesses with few options. “Maybe you had 5,000 employees going to half a dozen offices. You now need to realise you have 5,000 offices, and making that transition from a management and security perspective is radical. It’s throwing 40 years of IT out the window and now rebooting and doing everything right from scratch,” says Gartner security analyst Rob Smith.
A zero trust network grants you tighter controls over security, even if it requires greater oversight. If you can’t control which devices come to your door, you can at least control the point of entry.
The security of your remote working office begins with a robust and updated network in the workplace. TVNET can help you design a network that allows you to control access and limit vulnerabilities. Schedule a free consultation today.
21 Station Road Workshops, Station Rd, Bristol, BS15 4PJ
Kevin Edenborough, Eden Chartered Accountants