Cyber security for remote working

Remote working is not a new concept but since the pandemic there has been a shift in the proportion of companies who encourage hybrid or remote working. This flexible working approach is now being adopted as the norm by many businesses as we emerge from the restrictions of the pandemic and is welcomed by employers and employees alike.

However, something you might not have considered is how working remotely may put your organisation’s cyber security at risk.

Home Wi-Fi networks are typically more vulnerable targets for cyber criminals than business networks. This is because home networks are less likely to use firewalls and are more likely to rely on consumer-grade routers. These networks may have weaker security and when personal devices and networks with weaker security are used to connect to office systems, cyber criminals are given the opportunity to access your organisations data more easily.

So let’s take a look at some tips you can share with your staff on how they can stay cyber secure while working remotely.

1. Use only devices approved by your company

Personal devices aren’t part of a company’s IT infrastructure, which means they aren’t protected by the same security that protects the rest of the network, e.g. VPNs, multi factor authentication methods or firewalls. Because of this, if any employee uses a personal device, for example a personal mobile phone to check their work emails, the organisation’s cyber security can be put at risk.

Alongside this, the risks associated with loss and theft are amplified if personal devices are used. Any devices used for remote work will hold valuable and sensitive company information such as emails or databases. Usually, devices provided by a company will have additional security features in place, such as multi factor authentication, or protocols like being able to remotely wipe a device. However, the problems arise when personal devices do not have the same security settings in place. Without proper security, the device is more easily accessible and therefore so is any sensitive information stored in it.

That’s why it’s essential to inform your employees of the risks involved in carrying out remote work on personal computers, tablets, and mobile phones, and where possible, prevent them from doing so.

2. Use a VPN when appropriate

A virtual private network (VPN) provides users with a secure direct connection to an organisation’s network. This means you can safely send data across public networks through something called an encryption tunnel. The only way into the tunnel is by using a device that is configured to the organisation’s VPN server.

A VPN means your employees can log on to your company network and use all the resources they need to do their job, from anywhere that has access to the internet, safely and securely.

3. Keep your devices up to date

Ensuring your operating systems are up to date is vital. This is because developers of your operating systems will regularly release system updates, which will contain fixes for bugs and performance improvements. Alongside this, they will also contain security patches and new security features, so it is important that you install these.

Patches fix known flaws in systems that cyber criminals could use to compromise your devices and security features to make it more difficult for your devices to be compromised.

4. Encrypt your emails

While working remotely, emails will probably be sent more frequently, so you should consider their security. Cyber criminals can access emails whilst they are in transit, so some data and information may need to be encrypted before it is sent. This will be a must for emails which contain sensitive information. Without adequate email encryption in place, each stage of an email’s journey from sender to recipient, is vulnerable to outside attacks.

Message encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key, which  is a number that’s created on your device and the device you message. It is not shared with any other devices and it is deleted from the sender’s device when the encrypted message is created, and then deleted from the receiver’s device when the message is decrypted. This means the messages delivery server won’t be able to read encrypted messages because they don’t have the key. Encrypting emails prevents cyber criminals from accessing your messages while in transit.

In addition to the tips above, the best way to protect your business financially from a cyber related incident is with a robust Cyber Liability Insurance policy.

At Barnes Commercial, we work closely with our clients to gain an in-depth understanding of their business meaning that our recommended insurance programme will be unique to your business. Therefore, if you should fall prey to a cyber attack, you can be confident that your business will be protected.

Although measures can be put in place to lower the risk, methods to infiltrate networks are ever evolving. Creating a cyber response plan will be vital for your business and this should be supported with a comprehensive insurance solution. The operational, legal, and reputational impacts of an attack could be substantial, so it’s a good idea to partner with a broker that understands cyber threats and can arrange cyber liability insurance to support your overall strategy.

If you would like to learn more about how Cyber Liability Insurance can financially protect your business against an incident, please get in touch.

You can call us on 01480 272727 or email us at enquiries@barnesinsurancebroker.co.uk to start your cyber conversation today.

Sources:

1. https://it.nc.gov/resources/online-safety-privacy/tips-guidance/cybersecurity-while-working-remotely
2. https://www.ridgewall.co.uk/news-article/security-considerations-for-remote-workers
3. https://www.bizjournals.com/bizjournals/how-to/technology/2020/03/are-remote-workers-a-security-risk-to-your.html#:~:text=Insecure%20Wi%2DFi%20networks,security%20and%20insufficient%20product%20support.
4. https://www.core.co.uk/blog/byod-effect-security-risks-personal-devices-work
5. https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/keeping-devices-and-software-up-to-date#:~:text=These%20updates%20will%20often%20contain,use%20to%20compromise%20your%20devices.
6. https://www.gov.uk/government/publications/email-security-standards/transport-layer-security-tls#:~:text=Transport%20Layer%20Security%20(%20TLS%20)%20is,a%20way%20they%20both%20understand.
7. https://support.google.com/messages/answer/10262381?hl=en#:~:text=Encryption%20converts%20data%20into%20scrambled,and%20the%20device%20you%20message