Remote working has never been more popular, with more and more businesses allowing or encouraging employees to work from home. However, just as businesses are reaping the benefits of remote working, so are the scammers. In the same way remote operations are evolving, so too is the cybercrime that targets them. Over the last couple of years, hackers have been targeting remote workers and exploiting the perceived drop-off in security that remote working brings with it.
Businesses should be aware of the following five remote security dos and don’ts to keep their operations as safe as possible, no matter the distance between staff and the company premises.
DON’T Use Personal Devices for Work Activity
Employees should be encouraged not to use personal devices for work activity unless the correct security protocols are in place. This means having a company-wide policy for the use of equipment (including personal devices) with a particular emphasis on authentication and file sharing. However, no matter how hard businesses try, employees may still be tempted to use their own devices for work purposes, so communication and support are essential. Help employees set up secure Wi-Fi with at least WPA2, as well as multi-factor authentication and updated malware protection.
DO Ensure Attachments Have Come from a Secure and Trusted Source
A feature of security awareness training should be a focus on the dangers around attachments. Almost half of all malicious email attachments are office files or other file types commonly used in business practices. Staff should be taught to ignore file attachments unless they can be certain they come from a trusted source. When collaborative working requires sharing files and documents over a remote connection, all file sharing should take place using secure and encrypted sharing tools such as OneDrive, Teams, or similar.
DON’T Fall Victim to Online Scams
There are several popular online scams that specifically target businesses. One of the most common is posing as tech support. Businesses and employees should never respond to unsolicited tech advice from outside sources, even if the company appears to be respectable. If the advice seems legitimate, then it is always best to follow up through established means such as phone contact or online chat functions. Unsolicited phone calls or website redirects should be considered red flags. If the business does fall victim to an online scam or ransomware attack, it is never advisable to pay the ransom, no matter the circumstances, as this can lead to further and more complicated issues. Always ensure critical files are backed up and operate a ‘zero trust’ policy within the organization.
DO Update Systems and Browsers Regularly
Apps and websites are responsible for a very low percentage of malware attacks, with fewer than one in ten incidents coming through these mediums. By far the most likely source of a malware attack is email. Putting off system updates can make businesses much more likely to fall victim to attacks. Staying up to date and following basic good practices such as logging out of websites after browsing and backing up important data can also help to keep businesses protected.
DO Offer Security Awareness Training
Educate employees to be aware of the risks and dangers of remote working and don’t assume that people understand the complex issues around cyber security. People can often be the weakest link in any defense against cyber-attack, and businesses are only as secure as the least effective part of their cyber resilience.