In an ideal world, working from home offers great advantage to an office-based business and its employees. For example, it offers:
- lower costs
- improved productivity
- better employee engagement
- environmental benefits
- access to a wider pool of talent
In fact, over 50% of the UK population is expected to work remotely by 2020.
This would be impossible were it not for the tremendous technology that we have today. Because we have superfast broadband, Wifi, cloud technologies, smartphones and easy to use software, remote working can become a successful solution for any business.
But today’s global coronavirus pandemic has dramatically changed any chances of a controlled transition to home-working. It has triggered the hurried and wholesale move of many business functions into this new, remote and virtual world.
This is where the problem starts.
When we sit comfortably at home, we can become complacent. When we’re away from the office, we’re in a different world. One where we’re much less alert to the risks lurking in our home-based virtual world.
For adept hackers, this complacent world is a perfect opportunity. So much so that one of the UK’s intelligence agencies has made a rare announcement to warn the public about criminals who are using the coronavirus outbreak to launch online attacks.
Since January 2020, the global number of phishing attacks has spread as fast as the coronavirus. Hackers and their supporting software have many more targets. You could say that it’s a Golden Era for them.
The Need to Share
Yet inevitably, to make home-working work, organisations need to share sensitive information virtually, across new digital boundaries. But, Covid-19 has taken hold so fast, many businesses have had no time to review their contingency and continuity plans for remote digital security.
Many are jumping to whatever is the quickest way to maintain productivity. And in doing so, they will likely compromise security.
In the long term, the impact of this could be far worse than the virus.
That’s why Galaxkey has produced this five-point check sheet – five necessary steps to stay safe when working remotely. These simple tasks are easy to understand, and don’t require advanced IT knowledge to implement.
1. Passwords with Two Factor Authentication
Use a password management tool.
Select a standard tool for your company and inform every employee to use it to store each password.
Don’t allow passwords to be stored in tools such as Excel or Notepad.
For all online services like emails and document sharing, enforce two-factor authentication.
Having this will ensure an additional protection factor is used alongside the password to access your online systems.
Pro-tip #1: Get a single sign-on system to manage all passwords and authentications.
Pro-tip #2: Ensure your single sign-on system has two-factor authentication mandated.
2. Encrypt everything
Don’t rely on cloud-based storage tools or online email providers to secure your data.
Encrypt everything both in storage and in transit.
Because this will be the best defense to failures of any online tool.
Pro-tip #3: Ensure you control your encryption keys because managing these keys gives you control over data.
3. Firewall everything & setup corporate VPN
Educate your employees to enable a firewall on their home machines or even on the office machines they use when they work.
Also, if your employees work overseas, set up a VPN for them to work through.
This will ensure that all communication over the internet is protected.
Pro-tip #4: Set up an in-house VPN. It’s more reliable than depending on third-party services.
4. Anti-virus & Anti-Malware
Ensure all employees have anti-virus and anti-malware tools installed on their machines AND, ensure that the tools are regularly updated.
Pro-tip #5: Install onto ALL machines, including smartphone operating systems. They too are vulnerable to virus attacks.
Even with the best systems and policies in place, you need to continue to educate your people.
Make time each week to educate your employees on the importance of being security-aware.
Educate them about phishing attacks and share the latest security reviews from the news. Keep them up to date with the latest security threats.
Just like a fire-drill, do a security-drill for 15 mins and review with your team each week.