More people are working remotely to keep the economy going during the COVID-19 crisis, which has seen work from home become the new norm. Remote working, whether temporary or full time, in response to a larger than normal workload, or part of your flexible working practices, is a large adjustment for everyone.
Risks to businesses when employees work from home
2020 has been a challenge for all businesses as they make pivots and abrupt shifts in working practices. Network security is the most significant challenge as the world sees a spike in cybercrime and phishing attempts, looking to trick employees into revealing their details.
Employees are no longer working behind company firewalls, VPNs, and intrusion prevention systems. The protection of blacklisted IP addresses is gone and increased data sharing across the internet gives cybercriminals new opportunities to crack passwords and reuse credentials to access other applications, sensitive data, and corporate assets.
How companies and employees can improve home-working security
Employees have seen cybersecurity as the responsibility of someone else in the workplace. However, remote working calls for the business and the employee to shoulder the burden of security together.
Companies can improve cybersecurity by:
- Ensuring employees know and understand your remote working policies
- Training employees on creating strong passwords
- Creating a BC/DR plan for the business in case a data breach occurs
- Purchasing cybersecurity liability insurance
Employees can improve cybersecurity by:
- Avoiding using personal equipment for work, where possible
- Installing antivirus software on computers and smartphones to prevent malware
- Ensuring their home Wi-Fi has a password and by changing the router’s admin password
- Setting up two-factor authentication
- Updating apps and operating systems with regular updates (patches) and by enabling automatic updates
- Being cautious of who they share their screen with during online meetings, so they do not accidentally share private information
- Not clicking on links or opening attachments in suspicious emails, including those exploiting COVID-19
Penetration testing for remote workers
Penetration testing is more important than ever for companies that are converting to remote working. Pen testing is an excellent tool for ensuring your company is meeting changing security challenges. External access to company servers poses new risks, and it is crucial to identify vulnerabilities, such as using a weak VPN. Penetration testing can help in various ways, such as running a phishing attack simulation to identify educational opportunities.