Skip to main content
Contact us
Contact us
How to improve your business cybersecurity
Article

How to Improve Your Business Cybersecurity During the Remote Working Scale-up

The need for social distancing is driving the mass adoption of remote working. 85% of companies that responded to the CNBC panel survey stated that more than half of their workers are now working remotely. There is evidence, however, that remote working provides new and unique opportunities for cybercriminals. So how can you improve your business cybersecurity during remote work? Read on to find out.

Hackers are pointedly taking advantage of the coronavirus crisis. There is an increase in the number of phishing and other attacks, while criminals are also exploiting the anxiety employees are experiencing in today’s unusual circumstances.In fact, the CNBC survey we quoted above also found that more than a third of the executives surveyed reported an increase in cyber threats, linked to the increase in remote working.

Typical risks posed by remote working

Why does remote working pose such a security risk? It’s simple: when an employee accesses enterprise data from a remote location their employer loses a degree of security control. This loss of control is even greater if the employee makes use of a personal device. Just some of the risk factors include:

  • Network risks. Remote workers typically use any mix of secured and unsecured, wired or wireless and indeed private or public networks when accessing company resources. Doing so provides numerous entry opportunities for hackers, or the chance to snoop – companies simply cannot secure every network used by remote workers.
  • Physical device security. Physically securing devices that are used remotely is a real challenge as a lost device – whether employee-owned or corporate – poses data loss and privacy risks. It is just too easy for a device to be stolen, or to go lost while a worker is in transit or working somewhere other than home.
  • A mix of personal and business use. Particularly where employees use personal devices for work there is a significant risk that personal usage of apps and other resources may open the door for criminals to access company resources. Companies have limited control of the apps and services that run adjacent to enterprise apps on a personal device.
  • Scams focused on remote workers. Hackers know how to get into the mind of the remote worker and can subtly manipulate employees working outside the collective office environment. Solitary working can also mean that employees skip on typical cybersecurity best practice, unable to easily check and verify with a nearby colleague.

Simply put, remote working introduces a range of security risks. So, while companies are acting fast to ramp up remote working, they should also consider how to improve business cybersecurity for remote workers.

eleks compliance automation platform

Five tips on how to improve your business cybersecurity

Yes, remote working poses risks but there are several actions you can take that will put your company on track to mitigate cybersecurity risks to a large degree.

Issue company-controlled devices

Where possible your company should try to issue remote workers with company-controlled laptops and mobile phones that are exclusively for work use. The quick switch to remote working may mean that these devices arrive after the fact, but it is never too late to switch work to a dedicated device. This is particularly pertinent if your employees work with confidential or personally identifiable data.

As an intermediate step you may request that your employees sign their personal devices up to a mobile device management (MDM) service provided by their employer – it provides at least some degree of control, including the ability to remotely wipe a device.

The typical challenge is that employees do not realize that personal mobile devices, used for remote work, represent a threat to the company's information security, says Yevhenii Kurii, Information Security Expert at ELEKS. As a result, they often do not apply the same security and information protection procedures as they would with other devices such as desktop computers.

No matter where you are working from, whether it is office or home, airport terminal or hotel lobby, you should consider all your employees’ laptops and mobile devices as an essential part of your corporate infrastructure. Therefore, you should ensure that all security protocols such as password protection, encryption, malware protection, and continuous monitoring, normally used in the management of data on conventional storage infrastructure are also applied here. Moreover, do not forget to combine it with proper training activities, making your personnel aware of the common risks and possible ways to deal with them.

VPN provisioning

We’ve pointed out how network security is a key factor when working remotely. VPN use can remove many of these risks by securely tunnelling corporate traffic under an encrypted layer. VPN services are not expensive and can be readily rolled out to all employees – however, vet your VPN provider carefully.

If VPNs are not an option you could point your employees to a simple, more practical step – plugging devices directly into a broadband modem or router, instead of using Wi-Fi. You can also recommend that employees avoid shared and public Wi-Fi wherever possible.

Focus on endpoint security

Balancing device lock-down and security measures against practical device use is a difficult task, but companies nonetheless need to focus on the security of the devices used by remote workers. Endpoint protection software including anti-virus is an essential first step, many of these tools also include capabilities that guard against phishing attempts.

Also consider boosting everyday endpoint security principles such as regular updates and taking stock of all the devices in use by your remote workers. Device encryption will also deliver an additional layer of security – especially where devices are at risk of loss or theft.

Passwords and MFA

Now is the time to ensure that your employees use strong passwords to access corporate IT services, if you have not already done so. Also consider regular password changes – every 60 days, for example. It’s also worth reviewing password good practice with your colleagues, explaining the risks around shared passwords for example.

Multi-factor authentication is now widely available and worth rolling out as remote working is scaled up – a second authentication factor is an additional hurdle that makes it more difficult for hackers to abuse a stolen password.

Guidance against phishing

Employees that are under pressure and working in unusual circumstances are uniquely vulnerable to phishing attempts so now is the time to step up formal employee guidance. You already know the drill – don’t click through to unfamiliar sites, never open attachments from unknown sources, etc.

However, your colleagues can quickly forget these measures. That’s why re-enforcing this message is so important. It is also worth pressing a “trust but verify” approach – employees should check in with their colleagues if they see any legitimate but unusual communications.

Remote working can be secure working

In the recent past, many companies still choose to put a brake on remote working because of the perceived security risks. However, today, many companies have no choice other than to enable working remotely – and to do so rapidly.

We’ve outlined the possible risks and ignoring these risks is not an option – even where the roll-out of remote working is unexpected and rapid. However, companies that take the right steps to mitigate the risks of remote working will see their remote employees continue to be as productive as they used to be – without posing an outsize cybersecurity risk.

Are you looking for assistance of an experienced partner to help you stay on top of threats and ensure your organisations efficiency during the remote work period and after? Get in touch with us today!

ESET Benefits from Hiring a Flexible QA Team and Assessing IT Security Risks
View case study
eset
Have a question?
Speak to an expert
сyber-security-services-head-min
Explore our cyber security services
Explore our cyber security services
Contact Us
  • We need your name to know how to address you
  • We need your phone number to reach you with response to your request
  • We need your country of business to know from what office to contact you
  • We need your company name to know your background and how we can use our experience to help you
  • Accepted file types: jpg, gif, png, pdf, doc, docx, xls, xlsx, ppt, pptx, Max. file size: 10 MB.
(jpg, gif, png, pdf, doc, docx, xls, xlsx, ppt, pptx, PNG)

We will add your info to our CRM for contacting you regarding your request. For more info please consult our privacy policy
  • This field is for validation purposes and should be left unchanged.

What our customers say

The breadth of knowledge and understanding that ELEKS has within its walls allows us to leverage that expertise to make superior deliverables for our customers. When you work with ELEKS, you are working with the top 1% of the aptitude and engineering excellence of the whole country.

sam fleming
Sam Fleming
President, Fleming-AOD

Right from the start, we really liked ELEKS’ commitment and engagement. They came to us with their best people to try to understand our context, our business idea, and developed the first prototype with us. They were very professional and very customer oriented. I think, without ELEKS it probably would not have been possible to have such a successful product in such a short period of time.

Caroline Aumeran
Caroline Aumeran
Head of Product Development, appygas

ELEKS has been involved in the development of a number of our consumer-facing websites and mobile applications that allow our customers to easily track their shipments, get the information they need as well as stay in touch with us. We’ve appreciated the level of ELEKS’ expertise, responsiveness and attention to details.

samer-min
Samer Awajan
CTO, Aramex