What many remote workers and their employers don’t realise is that the risks of working from home go beyond dogs barking in the background of a Zoom call or uncontrollably eating all the biscuits; the rise in people working from home has also increased the risk of a data breach for many organisations. Taking a work computer home can result in data loss or data since home networks lack many of the usual built-in security measures.
Organised by the National Cybersecurity Alliance, Data Privacy Week takes place from 22nd-28th January. This annual campaign aims to educate individuals and businesses about the importance of online privacy. It’s a good time to focus on the risks affecting all of us, including those who work from home. Matthew Margetts, Director of Sales and Marketing, Smarter Technologies Group, shares ways for businesses to protect their employees and their data while allowing for location flexibility.
Educate employees about cybersecurity
It’s important to conduct regular cybersecurity awareness training to teach your employees to:
Adopt a zero-trust model
A zero-trust model creates micro-perimeters with restricted access and permissions, along with ongoing encrypted traffic inspection and analysis. For today’s disseminated workforce, zero trust is the only way to approach network security.
Monitor third-party service providers
You may have trained your employees and implemented zero trust architecture, but your weakest links may come from outside your organisation. Your vendors and outsourced service providers may also have employees working from home and opening your data to cybersecurity risks. Be sure to conduct thorough vendor risk management and be clear with your suppliers about your cybersecurity policies and expectations.
Enforce strong passwords
Enforce stringent password requirements on all company devices. Make it easy for your employees to create, remember, and use strong passwords by using a password manager such as LastPass or 1Password.
Encrypt everything that stores business data
Encrypting data means changing it into a code that can only be translated and read by someone with the corresponding password or decryption key so that only authorised parties can access it. Encrypting emails, files, and anything that stores valuable business information. If employees are using their own devices, they will need to encrypt any laptops, tablets and phones, wearables, etc., and back up important data to the cloud. This means that if someone’s personal or business device is lost or stolen, the data will still be stored and accessed safely.
Implement adequate email security
Malicious email is a popular way for cybercriminals to spread different types of attacks. Email security includes various cybersecurity measures to ensure that email accounts are secure.
Ensure web applications use HSTS
It’s important to have HTTP Strict Transport Security (HSTS) in place to help protect users and websites from cookie hijacking attacks and protocol downgrades. HSTS is a simple and widely supported web security policy mechanism that enables websites to declare themselves accessible only via secure connections. It protects visitors by ensuring that their web browsers always connect to a website via HTTPS.
Monitor your company’s cybersecurity performance with security metrics
Especially with staff working from home, it's important to set up metrics and measures that monitor how well your staff is adhering to your data security policies while working remotely. Across the organisation, these metrics will help you demonstrate how well (or not) you are achieving your cybersecurity risk reduction goals, meeting your security standards, and adhering to information security management requirements.
Partner with the experts
If implementing all these measures sounds a bit overwhelming, it could be worth using a professional cybersecurity solutions provider to manage and structure your organisation’s cybersecurity systems. Expert help gives you the best defence against bad actors who are out to steal your sensitive data.
