When your staff work remotely, they’re outside the security bubble that you’ve built to shield your business from cyberattacks. What’s worse, these employees often connect to your servers on unprotected personal laptops, routers, and smartphones.
Unfortunately, this kind of behaviour can undermine all your efforts to prevent your business from falling victim to a cybercrime. In fact, the electronics industry journal CEPro reports on global research indicating that 74% of companies attribute recent cyberattacks to remote work tech vulnerabilities.
“Cloud services and apps, personal devices and remote access tools have essentially eliminated organisations’ security perimeters, resulting in more cyberattacks and compromise as IT managers struggle to manage new technologies.”
Don’t let devices that are out of sight be out of mind
The scale of remote working vulnerabilities is such that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert in June 2022.
But your business needn’t become a cybercrime statistic. All the measures that we shared in our article on protecting your business from cyberattacks still apply. But you need to ensure that they are also in place on devices that your IT team may never physically work on.
Part of the problem is that you may not even be aware of all the hardware your employees are using. People working from home often buy devices that they need to do their jobs but that IT hasn’t approved or configured. Because it often goes undetected and unprotected, this equipment is referred to as shadow IT.
Even the remote teams’ devices that are on IT’s radar might be used after hours for online activities that can make them – and consequently you – vulnerable to cyberattacks.
Getting everyone who connects to your corporate network and systems to do so from a machine dedicated to work purposes is first prize.
But that’s not always practical. After all, you should then compensate employees for “commandeering” the equipment. That way, they can invest in an alternative computer, tablet or smartphone for entertainment, surfing and online shopping.
When it comes to cybersecurity, keep in-house staff close and remote workers closer
The bottom line is: you can’t afford to leave those who aren’t in the building out of the security loop. After all, the safety of your networks and data is (to a significant extent) in their hands. For that reason, it’s essential that they receive training to help them fully understand the threats and commit to preventing them.
As cyberattacks increase, a key part of their education is what to do in the immediate aftermath of a breach.
Just as you share your knowledge with them, be sure to also share your corporate security tools. Being tight-fisted with encryption and virus protection is counterproductive.
You may well have enough licences to cover remote workers’ devices. And even if you don’t, it’s cheaper to buy them in large numbers than to rely on individuals to get their own.
Connecting the dots and devices safely
The way your employees connect to the internet and your network often leaves the door wide open for hackers to slip in behind them. This is especially true when working from home actually means working from a coffee shop. Password-free, public Wi-Fi networks are completely unsecured.
Secure, password-protected networks encrypt data transfers. In contrast, anyone with basic cybersecurity knowledge can easily read unencrypted plain text. This goes for connecting to a network using a laptop, tablet or smartphone. Even checking mail on a mobile device via an unsecured network can be the mistake that leads to a cybercrime.
Unfortunately, home Wi-Fi systems are often not much better. Routers don’t come out of the box configured with the maximum security settings by default. The user needs to log in and set up password protection, encryption, and firewalls. But many home users may lack the tech savvy to do so on employer instructions.
To ensure that remote staff aren’t leaving chinks in the company’s cybersecurity armour, business owners need to educate them and provide IT support.
As an important line of data defence, virtual private networks (VPNs) should feature strongly in cybersecurity training programmes as well as practical support.
Go private with VPN
Virtual Private Networks (VPNs) use real-time encryption to scramble your network traffic and hide your identity online. Imagine it as if your data – everything from instant messages, email communications, downloads, login credentials, and the sites you visit – travels through a secret tunnel.
As a result, it’s much harder for hackers to track your activities and steal your information. What’s more, with a VPN, you can create a private connection to business networks – even when using unsecured, public Wi-Fi.
Don’t let the cloud overshadow your business
Just as your employees’ work isn’t done once they’ve connected to your servers, neither is the potential for cyberattacks. What’s more, in remote or hybrid work environments, those servers are increasingly hosted on “the cloud”.
Cloud services are easily scalable and accessible, improve collaboration and reduce the company’s administrative and management burden. As such, they’re the obvious choice for many business owners. But they’re not without risks.
Service providers are responsible for many aspects of cloud security. That’s why it’s important to ensure they guarantee complete protection against leaks and unauthorised access.
The vendor’s ability to provide reliable backups is equally critical so that you don’t face data losses. Ask whether they perform routine security audits. If not, it may be advisable to take your business elsewhere.
Even with the best service provider, there are some risks that remain your responsibility and they shouldn’t be taken lightly. A TechTarget report on a survey of security professionals drives this point home:
“A quarter of the participants’ organisations had experienced a security incident associated with their use of public cloud infrastructure.”
Meet but keep it discreet
Along with software, tools, databases and servers, meetings have also moved online – and are becoming a prime target for cyberattacks.
Zoombombing – when internet trolls hijack video conferences, disrupting them with lewd, racist, antisemitic or other inappropriate content – is bad enough. Such intrusions inevitably lead to hosts shutting down the session. But criminals can also lurk undetected, gathering sensitive information.
To ensure you don’t become a victim of a cybercrime as a result, implement the following security measures:
- Provide meeting passwords, which prevent uninvited “guests” from joining
- Create waiting rooms so that the meeting host controls access
- Encrypt meeting recordings
- Restrict file sharing in the meeting chat so unknown attendees can’t access sensitive data
At this point, your takeaway from this article should be that any kind of network connection is vulnerable to cyberattacks. By that logic, using a smartphone to open emails, store or access sensitive business data, or make work calls is yet another avenue of attack for hackers.
Unfortunately, these devices are frequently less secure than computers. That’s in no small part because the firewalls, encryption and antivirus software that desktops and in-house networks enjoy are often not extended to mobile devices.
Don’t just phone in cybersecurity
Smartphones are the ultimate crossover devices – used for personal reasons one minute and work the next. For companies, this poses very real risks. Once hackers have breached a mobile device, they can steal data, carry out surveillance and even hijack the device.
IT Pro UK has reported a 500% surge in mobile malware infections across Europe this year. Malware often piggybacks on third-party app downloads. In addition, it can infect devices whose users fall for phishing attempts or connect to unsecured Wi-Fi.
Malicious programmes can run in the background, feeding criminals personal data like passwords, credit card numbers, and more. For this reason, businesses need to educate staff about cyberattacks targeting phones as well as more traditional office computers.
Smartphone security checklist
This checklist is a good place to start for anyone who wants to ensure that their smartphone isn’t an easy target for a cybercrime:
- Lock your phone with facial ID, a fingerprint, pattern or PIN. This is the first line of defence if your phone is lost or stolen.
- Use strong passwords – ideally with a password manager for extra protection – to secure accounts on your phone. On apps that offer it, two-factor authentication ensures that your information is twice as secure.
- Only download apps from official stores. Google and Apple have policies in place to prevent listing dangerous apps in their catalogues. Even so, it pays to read descriptions and reviews carefully before hitting the install button.
- Switch off Bluetooth when it’s not in use. Dormant Bluetooth provides hackers with a backdoor to your device.
- Clear your mobile browser history, including cookies and cached files. That makes it harder for criminals to put together a picture of your activities if they do break into your phone.
- Delete old apps and update the ones you use. The more apps you have, the more updates you have to do, and the greater the chance that one of them is vulnerable to cyberattacks. Keeping apps current ensures you have the latest features and security measures in place.
- Teach yourself to lock or wipe your phone remotely if it gets lost or stolen. Restoring your data on a new device won’t be a problem as long as you regularly back it up. Plus, criminals won’t be able to steal your information along with your phone.
Lean into learning with our help
It’s clear that protecting your business against cyberattacks has to be a grassroots effort. Digimune can help you educate your staff and assist with the ongoing learning process that’s necessary to stay ahead of the cyberattack curve.
Browse Digimune’s services to discover how we can help you repel cybercrime.