Australia’s cybercrime statistics are on an upward trend, with a 33% growth in people-based attacks (and an 18% overall growth between 2017 and 2018), financial losses of up to $29 billion each year, and incidents reported every 10 minutes.
While employees can generally rely on the multi-layer cybersecurity of their organisation, the current COVID-19 pandemic has forced companies to adopt remote work practices – leaving data vulnerable to greater risk.
With workers now using their own devices, platforms, and operating systems to access resources, hackers are presented with a wider attack surface. These criminals are now relying on at least some of these devices to fail standard security protocols – or workers forgetting best security practices.
To ensure safe and smooth operations within a remote workplace, we explore a few methods below to making fewer cybersecurity mistakes in a work-from-home setting.
Limit access to necessary network sections
Firstly, ensure workers are provided with only the necessary access they need to specific company resources.
Companies are all-too-often relaxed in this practice, and provide their remote workforce with blanket access to the entire network. Not only is this a needless choice, but it’s one that leaves your data – and the most important ones, at that – at further risk of a security breach.
Remember: the less data your workers have remote access to, the less your business is at risk in the case of a stolen or compromised device. Limit access, and you’ll limit the extent of a potential breach.
Rather than permitting employees to your company’s entire database, be sure to limit the extent of their access to specific network sections or resources they truly need. The human resources department doesn’t have to know the details of your IT team’s software development projects, for example; neither does Marketing need to know of the financial transactions monitored by Accounts.
Should workers require critical access to highly-sensitive or valuable data, try and restrict this to the specific amount of time they need to complete the necessary task.
Ensure employees are trained in best security practices
As of August in 2019, the Notifiable Data Breaches Scheme reported “human error” as comprising 67% of the Australia’s data breaches (in the year’s previous quarter).
Ensuring the security of your company information starts with your workers. Firewalls, VPNs, and multi-factor authentication can only do so much – until someone unwittingly shares their credentials, falls for a phishing scam, or accidentally downloads malware onto their system.
It’s therefore important to have employees trained in the proper security practices and basic cybersecurity knowledge. This is especially critical in the wake of COVID-19, with hackers increasingly employing phishing and online attacks to take advantage of those working from home.
Communicate with workers on the importance of good password hygiene (such as opting for long, complex phrases and using a different one for every account), common phishing tactics, and ways of securing one’s home Wi-Fi network.
Since employees will likely be using their own gadgets, set the expectation that these must be treated as company devices, with clear protocols in place to protect business data. If your company has the ability to administer its own devices – this is the safest way to secure your network resources.
Finally, emphasize the dangers of using a public Wi-Fi networks when accessing company data. According to data by Spiceworks, an alarming 61% of organisations have employees connecting to such networks (from company-owned devices) when working remotely.
Unsecured, public Wi-Fis are easy channels for hackers to intercept private data or distribute malware. For best protection, ensure your workers are limiting sensitive data access under Wi-Fi networks they know and trust – or using a VPN when out in public.
Invest in a quality VPN
As mentioned, an effective method for securing data under remote work access is to use a trusted, high-quality VPN (Virtual Private Network) service.
This provides workers with an extra, sturdy layer of cybersecurity that “masks” or replaces the real IP address of their device. Using a combination of encryption protocols and dedicated network connections, VPN software hides your physical location by rerouting your device’s internet connection through its private server.
On top of protecting employee identity, a VPN also ensures that any data transmitted through their server is unreadable until it reaches its final destination.
This provides remote workers with safe access to company data using any Wi-Fi connection – at home or otherwise.
For best remote security, make sure all network resources (such as company e-mail, software, and applications) have availability restricted under your company VPN. Ensure it also has a secure client for logging on, and that each worker is given their own unique username and password for access.
Additionally, if an employee leaves or is terminated, be sure to disable their VPN access as soon as possible.
Assess your vendors
Finally, employ a thorough assessment of your business vendors and the security standards they uphold.
Contractors and vendors typically have access to the same data and networks as your employees, Business owners are thus recommended to have them contractually obligated to adhere to the same security protocols as the rest of the company. This includes all the best aforementioned security practices, as well as limited access to relevant data.
To start, it can help to map out all your current vendors, their relationship to your business, and their access to specific network sections and data (some may have a hold of more sensitive information than others). Determine the criticality of each – as some may pose greater business impact, or provide vital technologies compared to other contractors.
Then, acquire a full view of your vendors’ current security practices; this can be done by providing security questionnaires (including questions to determine their preparedness to work from home) or performing scans of their current attack service.
Follow this, you can then continually monitor your vendors’ security posture, and respond accordingly to any changes that may occur.
Get online cybersecurity training with DDLS Anywhere
With businesses pressed to “go digital” in these unpredictable times, it helps to be well-equipped with the proper knowledge, tools, and techniques to improving security in a remote workplace.
DDLS**, Australia’s leading provider of corporate IT and process training, offers a wide array of cybersecurity courses to train you and your workers in enhanced data protection. Students can undertake these programs through an all-online learning experience with DDLS Anywhere – our mobile, distance education service that provides you the training you need from the comfort of your own home.
Protect yourself, your workers, and your business, and enquire with our experts on a course.