Many businesses are continuing to embrace remote working, with ONS figures suggesting that 44% of us were working from home in 2023. But of course, remote working isn't without risk.
In the latest Cyber Security Breaches Survey (2024), published by the UK government, 50 per cent of businesses reported a cyber security breach or attack in the last 12 months. This is up from 39 per cent in 2020. But there's no need to despair. There are measures you can take to improve the security of your remote working.
In fact, we've come up with ten things you can do today:
1. Update your remote network connectivity
VPN allows remote access to networks over encrypted connections. But as the attack surface expands, hackers are exposing VPN vulnerabilities. Thankfully, there's a new(ish) kid in town. SD-WAN allows real-time access control, while securing not only endpoint devices but traffic from the network to the cloud, too.
2. Install security software
Here's a scary statistic: phishing attacks are responsible for 83 percent of cyber breaches. Terrifying indeed, until you take into account that there's software to keep these threats at bay. Microsoft Defender for Endpoint, for instance, comes not only with anti-phishing capabilities, but anti-virus and anti-malware, too.
3. Train your staff
To err is, alas, very human. In fact, 85 percent of security breaches involve the human element. This often happens when someone can't spot the difference between a legitimate email and a phishing attack. Train your staff to recognise the warning signs of breaches as well as to run scans regularly.
4. Run tests
This is sneaky, but it works. Send your own version of a phishing email, sans the virus of course. Then you can provide urgent training to whoever opens it. But there are also ways to identify threats within your network, so you can quickly mitigate them.
5. Create a security checklist
Create a checklist for your staff to follow on and off-site. This should include everything from installing anti-virus software to not leaving remote devices unattended.
6. Encourage transparency
Encourage your staff to raise issues as soon as they occur using a 'just culture' no-blame approach. This will enable you to mitigate damage more quickly than if they were to keep things quiet.
7. Limit access permissions
Even if you're simpatico with your clients and suppliers, granting them unlimited access could put your network at risk. Reduce the chance of breaches by restricting the access permissions of users outside your organisation. You can easily set different levels of access with Azure, or disable accounts entirely to be enabled again when needed.
8. Implement multi-factor authentication
Add an additional level of security with multi-factor authentication for emails, files, and any site or app you use on company devices. This will stop hackers from exploiting passwords, and ensure only authorised people gain access.
9. Don't BYOD (or do it carefully!)
Bringing your own device can increase the risk of theft. It's also fraught with other
security issues, like insufficient access control. Consider issuing devices for company use only. Then you could install next-gen Firewall-as-a-Service for state-of-the-art security, no matter where they are. However if BYOD is your thing, you'll be happy to hear that Microsoft have put together some guidance around secure remote working with a BYOD policy. The guidance covers the Microsoft 365 services that can be adopted – and how businesses can mitigate the risks associated with remotely accessing unmanaged devices.
10. Ask the experts
A dispersed workforce creates its own unique set of challenges. If you want to take your security to the next level, ask the experts to identify your weak points and what you can do about them – whether this is your MSP, or an outsourced security specialist.
Remote working comes with lots of benefits. But if you don't consider the security risks, it could cause costly data breaches and destroy your business's good name.
This article was originally published on 27th February 2022 and updated on 10th April 2024.