Get Aligned!

There can’t be many businesses today that don’t use remote working to some extent throughout the working day. Even those without a culture or need to offer remote working will have employees or directors taking work home, or working from hotel suites, conference venues and public transport at times.

This more casual form of remote working, one that may not be accounted for when analysing how business IT networks are used, is often missed in cyber security policies and procedures. However, it is one important factor that can put organisations at risk of cyber attacks and data breaches.

Remote working, whether a formalised arrangement between a business and an employee, or an ad hoc ‘needs must’ requirement to get work done, can leave your business IT network, systems and devices vulnerable.

The first step for managing security and remote workers is to understand where your business is at risk. This should be followed with an awareness raising campaign within the organisation so that all employees understand how their actions may compromise security and what steps they must take to protect company networks and systems. Cyber security policies need to include the specific risks associated with remote working, with procedures and guidance in place for working away from the office. This will also need to explain what actions need to take place if a remote worker believes they have exposed the company to a cyber attack, and any disciplinary measures that may be taken.

The following top tips provide an excellent starting point, but if you would like to discuss what processes your organisation should be using in more detail, please get in touch with our technical sales and account management team.

1. Keep mobile devices and laptops safe
Lost and stolen mobile devices and laptops are easy pickings for cyber criminals if insufficient security measures are in place. The first line of defence is to look after these business assets: keep them with you and in sight at all times, and never leave them in hotel safes, cars etc. Next up is securing the devices themselves with good password hygiene and encryption on laptops. Finally, installing mobile device management apps such as AirWatch and MaaS360 give employees a chance of securing and recovering lost mobiles or tablets.

2. Excellent password hygiene
Strong passwords will not only protect your devices and systems being accessed if a mobile or laptop is lost or stolen, they also protect businesses from hackers. Good password hygiene includes using long passwords with multi-characters, two-step authentication processes, and unique passwords for different systems and logins.

3. Ensure up-to-date security protection is in place
Any devices that are owned by the organisation should be properly protected with antivirus, web filtering, firewalls, device encryption and other preventative software, but so too should your employees’ own devices if they are using them for remote working. This can be a difficult area to negotiate as your employee may feel this impinges on the personal use of their device: Your cyber security policies will need to address issues like these, either restricting staff from using their own devices for certain business critical activities, providing secure company owned devices, or making your cyber security protection mandatory.

4. Use of public wifi
Public wifi can be vulnerable to malicious attack, presenting issues for those employees who may need to work from a hotel or conference. While it is good advice to only connect to trusted networks this is not always feasible. Therefore, your remote working / cyber security policy should stipulate that employees should not use public wifi for any sensitive, business critical activities. It is advisable to draw up some guidelines that explain what systems and activities staff can and cannot access when using public wifi.

5. Email encryption and best practice
Email is perhaps the most used digital technology by staff members who are away from the office, and one that can open a backdoor to cyber criminals. Encryption and robust management of corporate email is a must. The installation of applications such as Mimecast is a no brainer, but raising awareness of the vulnerabilities of email will also help embed best practice in your organisation. This can include training in spotting cyber threats like phishing emails, and also policies on what information should not be communicated in an email – for example logins and passwords.

6. Using public computers
While the majority of people will have their own laptop or mobile device that they use for remote working, occasionally someone may need to use a public computer such as in a business suite in an airport. Employees should be aware of the security implications of this and adhere to the following guidance: keep screens private (position them away from other people), don’t use public computers for any sensitive information, use ‘private browsing’ where possible, never use ‘remember me’ or ‘save information’, and clear your browsing history and delete any downloads before closing the browser.

7. Using devices when out and about
Employees should also be aware of physical threats when using devices when in public places like cafes, hotels, airports etc. Just as you would hide your PIN when using an ATM, employees should be discreet when keying in passwords and logging into systems. They should also be aware of the risk of snooping and eavesdropping, not just online, but also from other people in the vicinity. Can someone see and potentially grab a discreet photo of company sensitive information while they work in a public space?

8. Removable devices
USB sticks and other removable devices can be a source of malware and should be checked first. Many conferences hand out USB sticks that may be infected, often unbeknown to the organisers. Also don’t allow anyone to plug in a USB device into your computer, for example to share information in a meeting. Always get your IT department to security check removable devices.

9. Monitoring and policy enforcement
24/7 network monitoring and security will help your organisation identify threats and monitor users on your networks. We partner with OpenDNS to protect our clients’ data and provide automated enforcement of corporate security policies. Remote workers and their mobile devices can be monitored using this solution to protect your organisation’s network. More details can be found here.

10. Negligence and accidental risks in the home
Even when your employees are working from home using your secure VPN, VDI or remote desktop, there can be other risks that need to be considered. Children and pets can be a surprising threat! Cats have a habit of jumping on computer keyboards and inquisitive minds might press a few keys when a laptop is unattended. These kinds of risks should be addressed in your remote working / security policies to ensure that your staff take every feasible step to protect your systems at all times.

For more advice on remote working and cyber security please contact our technical sales and account management team to discuss how your organisation can keep sensitive information safe and business systems secure at hello@oryxalign.com or +44 (0)207 605 7890.

Back to List

Related Stories

Windows 7, Server 2008 and 2008 R2 security updates end January 2020

Windows 7, Server 2008 and 2008 R2 security update…

On January 14, 2020, support for Windows 7, Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Failur…

Read Post

Protecting Your Property

Protecting Your Property

The physical protection of your building and IT Systems is just as important as online protection. With the use of information technology an…

Read Post

Understanding The Digital Workplace

Understanding The Digital Workplace

The digital workplace is the virtual, modern version of the traditional workplace. It quickly and securely provides personalised, role-based…

Read Post

5 Things to Know About Wi-Fi 6 and 5G

5 Things to Know About Wi-Fi 6 and 5G

The sixth generation of Wi-Fi, Wi-Fi 6, also known as 802.11ax, provides more speed, lower latency, and increased device density. The fifth …

Read Post

The New Technology Buyer

The New Technology Buyer

It is predicted that 80% of new technology spend will sit with business buyers by 2020. This is a change which has come about primarily due …

Read Post

Security on the move

Security on the move

The ability to stay secure and productive anywhere, on any device is of great and growing importance to all businesses.

We look at the fi…

Read Post

Business Benefits of Microsoft Azure

Business Benefits of Microsoft Azure

Connecting Clouds: The growing pains of cloud adoption continue as organisations realise that a single solution of either Private Cloud, Dat…

Read Post

Understand & improve your security posture

Understand & improve your security posture

Gain deeper visibility into and take control of your security.

Assessing your security posture is an ongoing challenge. Increasingly soph…

Read Post

Artificial Intelligence

Artificial Intelligence

Artificial Intelligence (AI) and Machine Learning (ML) are fast becoming important pillars of many organisations’ digital transformation s…

Read Post

IT Risk Management

IT Risk Management

With today’s pressures of compliance, cybercrime and customer demands organisations can no longer afford to have ad-hoc IT Policies and IT…

Read Post