There are likely to be as many complex routes of communication in your home as there were in your office. Are you thinking about the risks these present to the security of your business?
Homeworking is now the norm and the knock-on effects for cybersecurity are significant. According to a cybersecurity survey carried out by HLB in 2020, 65% of organisations reported some instance of security breach, or vulnerability to attack.
With regard to the move to homeworking, only 42% of organisations declared that they were “well-prepared” for homeworking, with 43% saying they were “somewhat prepared” and 13% not prepared at all. What this means is that over half of organisations taking part in the survey were not adequately prepared for homeworking.
Can you ever cover all the risks?
The short answer to this question is, no.
Due to the ever-evolving variety and development of cybercrime, you can’t realistically cover yourself and your business against every type of IT vulnerability. But every type of cybercrime is not going to happen to you all at once, so what you can do is consider the range, what’s most likely to occur, and put measures in place accordingly.
Your cybersecurity implementation should never stop, or operate on an ‘it’s finished now’ tick-box basis. Just as cybercriminals never stop, cybersecurity never stops. But it will be your regular consideration of the risks you face that equips you better when it comes to cybersecurity and protection for your business.
What are the main risks of homeworking?
1. Vulnerabilities of Virtual Private Networks
Virtual private networks, or VPNs, are crucial to businesses moving their operations to the homes of their workers; but it means having extended networks in the home. If the VPN has a compromised identity on a computer, and many do, hackers can exploit it.
To manage this risk, you need to have endpoint integrity and failsafe authentication in place. Networks that are infected with malware or involve compromised hardware can be exploited through VPNs.
Our main advice here is: don’t just trust that everything is OK. Talk to your vendors, and hardware and software providers, about the patching strategies they have in place, and check that their policies for ensuring endpoint integrity and identity are robust.
2. Employees’ mobile devices
Mobile phones are the first type of mobile device to focus on, as employees will use these the most, especially during unfamiliar times when a known device can provide reassurance. But cybercriminals target mobile phone users with identity theft and exploitation.
A strict mobile phone policy for work phones, and for what employees are permitted to do on their own phones in the name of work, will go some way towards your safety in this area.
3. Employees’ lack of knowledge of cybercrime
Cybercriminals exploit human weaknesses to their advantage, using fake apps, phishing emails, etc. Whereas previously these types of attacks would be individualised to some extent, at the moment we all have a common crisis, called COVID-19. Fake WHO (World Health Organisation) apps have been known to be downloaded by those who are unaware and vulnerable to suspicious notifications, resulting in sensitive data and information being stolen.
You can guard against these types of attacks by informing and training your employees; keep up to date with the types and trends of cyberattacks so that you can keep your workforce well-protected and informed.
4. Your workers may have an audience
It’s very likely, unless your employee lives alone, that they are taking conference calls and discussing business within earshot of family members, and possibly employees of other businesses. In short, you don’t know who is listening to the details of your organisation’s operation.
Simple privacy policies are important: cameras on or off for certain meetings, wearing earphones and prohibiting the taking of paper notes can all help to address the vulnerability in your business privacy.
Summary
This is not a definitive list of security measures; it’s a set of basic prompts to help you start thinking about the risks and taking action. Remember, if you’re acting outside cybersecurity measures you are essentially operating outside of compliance.
Now as we ‘settle in’ to homeworking as the new full or part-time, perhaps permanent, measure, it’s worth really considering, before any more time goes by, the risks and what you can put in place to safeguard your organisation in the long term.