Events of recent years have dramatically changed how businesses operate day to day. Most businesses are now set up to enable either fully dispersed teams or a hybrid system where employees can work both remotely and at the office. It’s convenient, reduces travel time, and has been shown to lower stress levels and increase productivity.
The flip side is that whenever your employees work away from the office, they inadvertently open up weak points in your business security. Unsecured WiFi networks, weak passwords, lost or stolen devices, and varying technical skills and abilities are all reasons your hybrid working environment may put your company at severe risk of disaster.
But how exactly is hybrid working leaving your business so vulnerable? We’ll explore five main reasons, and help you mitigate them with practical cybersecurity tips you can implement right away.
1. Phishing emails
Phishing emails are responsible for the majority of malware hacks, with a reported 66% of UK companies experiencing a successful phishing attack last year alone.
Phishing scams rely on tricking targets into opening links or attachments, which creates an opening through which to harvest data or infect systems with viruses. They fool people either into voluntarily handing over their data or into downloading software that opens up access to their devices.
What you can do about it
The first thing you can do is to train your employees on how to spot and avoid phishing emails. Training should be part of the onboarding of new staff, and should continue as ongoing training and development for existing staff. As phishing techniques change, training and protocols may need to be updated, and staff knowledge refreshed.
2. Weak passwords
Even if you have the most robust security measures in place, the human factor is one of your business’s biggest security risks. And because, more often than not, your employees can choose their own passwords, you’re essentially handing over control of a cybersecurity weakness, especially when your staff are working remotely.
Not only can the password itself be weak, but it might be replicated across several other websites or tools. On top of this, your employees may also be storing their passwords in an unsecured place, like a digital note on their smartphone or even a spreadsheet on their laptop. Bring all these things together, and your company’s password hygiene might be what’s standing between you and a massive cyber disaster.
What you can do about it
First things first. Every company should have a documented password policy that’s distributed to all members of staff. By documenting password guidelines, you can at least begin to redress your employees’ poor password choices. Your guidelines can also enforce bans on repeat passwords or on using personal or guessable information in passwords.
Beyond your guidelines, you might consider introducing a password manager such as LastPass or 1Password to your business, which stores all your company’s passwords securely, thus reducing the number of passwords each team member has to remember.
Lastly, it’s also worth implementing two-step authentication on logins that you have control over.
3. Unsecured devices
When your staff is working remotely, it’s usually the case that they’re using their own devices and are connected to either their home or public network. Although it happens in some companies, most businesses don’t provide corporate devices. The result is that business data is open to security risks.
What you can do about it
One of the best things you can do as a company is to use a virtual private network (VPN) and single sign-on solutions to keep your network secure no matter where it is accessed from.
Keeping employees’ personal computers and devices secure is more complicated because it’s more challenging to control what firewalls, anti-spyware or encryption they use, if any. However, you can encourage your team to keep their devices fully secure either by providing them with cybersecurity training or by insisting on regular security health checks.
It’s also worth noting that the printer is increasingly seen by hackers as an entry point, ready to be exploited via the local WiFi. However, VPNs can help you secure the connectivity between different devices, and encrypt the data “in transit” so that data can’t be stolen whilst en route across a network.
4. Unencrypted file sharing
Many security-conscious businesses will have encryption policies, particularly for data that’s stored on their networks. However, many will overlook the encryption of data as it travels between systems, such as in Cloud file-sharing applications and email platforms.
Businesses rely on sharing files and information, but leaving that data unencrypted exposes them to ransomware attacks, data theft and overall compromise of the company’s reputation.
What you can do about it
Simply implementing file-sharing systems with built-in security will be enough to mitigate many of the threats posed by insecure data sharing. The likes of Dropbox, OneDrive and WeTransfer (among many others) all have data security inbuilt, as do email providers such as ProtonMail and HushMail.
5. Open home networks
An often-overlooked security issue that can arise out of home-working is that of outdated routers. Just like any piece of hardware, if a router is forgotten about and not regularly updated, it leaves the network open to attack. What’s more, router passwords are usually left unchanged indefinitely, which also leaves them vulnerable to opportunistic hackers.
What you can do about it
The best, and simplest, solution to securing a home network is to change the default WiFi password at the first opportunity and then to change it on a regular basis. It also helps to anonymise the network name (the SSID) by avoiding any easily identifiable information in it. Essentially, it’s important to make it as hard as possible for potential hackers to know to whom a home network belongs.
As a second step, it’s perfectly reasonable to advise (and to expect) remote employees to enable network encryption on their WiFi routers. On the router’s wireless configuration page, the security settings can be changed to enable WPA or WPA2 encryption.
Thirdly, employees should be expected to run the latest version of their router firmware (this can be done by regularly checking the settings).
In summary: cybersecurity training is a must
For all the benefits of remote or hybrid working in the post-pandemic world, the security vulnerabilities of open home networks, weak passwords, unencrypted data-sharing and human error are clear to see.
And whilst we’ve pointed out some of the practical measures you can put in place to ensure your employees keep their networks, devices and data safe, the most sustainable solution comes down to an ongoing culture of security training and development.
Equity offers cybersecurity training which arms your staff with the skills to spot cyber threats before they become a problem, and also to keep their systems safe and secure on a daily basis.
Since 2022, Equity has also been offering businesses Cyber Essentials training and mentoring, helping your business achieve accreditation. If you’d like to know more, get in touch and we’ll discuss how we can help you achieve your Cyber Essentials certification.