Like CRM, many organisations have been getting to grips with some or all of their employees working from home in the past couple of months. The speed with which we all managed this process raised new challenges in keeping data and communications secure.
Home working has been successful for some businesses and more difficult for others. Employees have additional stresses at home and some have found it tricky to adapt to a new way of working. Coronavirus has been the biggest ever challenge to face businesses and even the best prepared have struggled to keep on top of their cybersecurity.
Here are some pointers that we have picked up to help our employees work safely and securely when not in the CRM office:
Virus phishing
According to Infosecurity Magazine, there has been a 600% increase in reported phishing emails since the end of February. Cybercriminals are using the fear and uncertainty created by Coronavirus to attack with emails that trick users to click on a link to a website that might download malware, steal passwords or personal data.
The risk of phishing emails increases when employees are using their own devices so their use should be minimised wherever possible. Work can be better protected on a company laptop with remote access security controls including two-factor authentication at least.
Remote working policy
Are your employees aware of the risks that working from home creates? A remote working policy gives guidance on your expectations of acceptable use, safe storage of devices and password management. As a business, you have probably installed technology to protect sensitive data and the effective operation of this can be explained in the remote working policy.
If you have an IT team or employ an IT service, they are more able to manage the risks of malicious activity on company devices and they can assist employees more easily this way.
Looking after devices and removable media
Whether personal or company-owned, devices used for remote working are more vulnerable to theft and damage. Users should be encouraged to lock their screens when they’re not using the device, especially with children around. The device should be stored safely in the home and if it is lost or stolen, employees should know how to report this to minimise the risk to the data.
USB sticks pose an increased risk to cybersecurity as they are easy to lose and are hard to trace when openly shared, they can also introduce malware to your system. Reduce the risks with appropriate antivirus tools, allowing company-approved media only and encrypting data. There are alternative ways of transferring information using corporate storage and collaboration tools that are safer than USB media.
Many larger companies operate a Virtual Private Network (VPN) which provides a secure way to access files and emails. A VPN is a network connection that encrypts data being transmitted and authenticates the user.
The National Cyber Security Centre’s website has guidance on setting up a VPN, permitting employees to use their own devices and lots more advice on secure remote working.
Running a successful business within the Coronavirus setting is hard enough so don’t leave yourself vulnerable to attack from other viruses and dangers too – be sure to protect your business. For information about the safety and security of your financial records, contact CRM on 01865 379272.
