Read our guide to maintain cyber security when working online remotely
What’s the situation?
Cybersecurity continues to be a top priority for small businesses. Even after 18 months of remote working, the shifting shape of data breaches and hacks designed to take advantage of out-of-office workers continues to be a challenge for businesses of all shapes and sizes.
Why remote workers in particular?
The fact is that being outside of a ‘controlled’ environment, like the office – and all the firewalls and protections that entails – leaves staff more open to all sorts of cyber threats. According to experts, remote/distributed working means we’re more reliant on the internet than ever before to carry out everyday tasks, which leaves businesses increasingly at risk (Source: IT Governance).
What is the risk though?
Threats can appear in a number of forms. In particular, they might be designed to take advantage of working from home setups, such as increased use of personal laptops or smartphones that aren’t protected by your business’ cybersecurity perimeter. Rudy Bandiera, co-founder of NetPropaganda, admits this can be a problem, saying “most of our employees use their own devices regularly” (Source: V-Hub).
Well, we’ve also seen a rise in the number of ‘phishing’ attacks over the last year, where a hacker mimics an ‘authentic’ source in an attempt to try to extract valuable information from the target. By how much you’re asking? According to Allot Research, these attacks have risen by a staggering 718% (Source: Allot Research). Carl Reader, author and small business champion, told us earlier in the year that his business “would regularly receive [these] low level attacks, such as ‘director impersonation fraud’.”
Should I be concerned?
While we don’t want you losing sleep at night, it’s good practice to be wary by default and treat anything unusual, whether an email or messages, with suspicion.
So I don’t need sophisticated cybersecurity defenses?
While robust cybersecurity solutions will go a long way to protecting your business, some of the most effective cybersecurity measures aren’t in the form of firewalls and security modules. In fact, the ENISA’s (European Union Agency for Cybersecurity) first step to ensuring a business is cybersecure is developing a good cybersecurity culture, and we couldn’t agree more! In a similar vein, one of the most important things you should do is stick to a basic set of rules that are underpinned by a ‘zero trust’ mindset.
What is zero trust?
Zero trust, as implied by its name, assumes that any attempt to access your business network is a breach and that each request to do so needs to be verified.
Is it complicated to implement?
Not at all. It’s more a mindset shift that starts with your employees beginning to assume any inbound emails or texts could be fraudulent. As Elliot Kirby at Simply Business puts it, “By implementing a Zero Trust model, SMEs can empower their employees to work remotely and securely and protect themselves against an onslaught of cyber threats” (Source: LinkedIn).
How can I get staff on board with this?
We’d always recommend you start with training for all employees, not just those that work in IT. There are lots of places online that you can find short (1-2 hour) virtual training courses that combine theory and practical sessions. The ENISA offers its own e-learning guide for SMEs, as well as training materials. These sessions will run through the basics, such as:
Identifying and defending yourself against phishing emails
Using strong passwords
Securing your devices
What about the technology?
Password Manager: Security expert and journalist Sam Bocetta says a good password manager is “worth its weight in gold” (Source: AT&T Business). It allows you and your employees to create a series of complex and unique passwords for online logins which you don’t have to remember. Rudy Bandiera actually uses a password manager with access control to offset the fact that his employees often uYou don’t need a load of sophisticated and expensive systems to secure your business. There are a few pieces of software and processes we’d recommend as a baseline though:se their own devices (Source: V-Hub).
Two-factor authentication: If you’re given the choice to use two-factor authentication (often shortened to 2FA), then you should take it. This can be implemented on work mobiles, emails and on business bank accounts, among a number of other places. It simply means that you need two sets of credentials to access an account, making it much more difficult for hackers to break in. Kyle Chivers at Norton says that, “With it becoming increasingly easy for cybercriminals to guess passwords, 2FA is more important than ever” (Source: Norton).
Virtual Private Networks (VPNs): VPNs encrypt all traffic to and from your devices making it impossible for bad actors to ‘listen in’ on your business’ vital information. What’s more, they are key for workforces where some employees are in the office and others are working remotely. In fact, the tech pros at TechRadar went as far to say, “Given the current exceptional situations worldwide, using a business VPN is extremely important for any modern company that has a flexible and mobile workforce” (Source: TechRadar).
Cool – what happens if I need more information?
Our Business Advisors are available by phone or web chat. And they aren’t just experts in cybersecurity – take a look at some of the other digital topics they can help with.
Microsoft Enterprise Mobility + Security
Help protect users, devices, apps, and data in a mobile-first world.