Due to the global health crisis brought by the COVID-19 pandemic, many businesses worldwide have shifted to remote working. While 2020 may be considered as the year of remote work, the trend may continue even after the global pandemic ends. In fact, a Gartner CFO survey revealed that 74% of companies are planning to shift some employees to remote work permanently.
Although remote working has definitely brought a list of benefits to business owners and employees alike, it also comes with its fair share of risks and vulnerabilities, particularly in the field of cybersecurity. Barracuda Networks said that it had seen a 667% increase in malicious phishing emails during the height of the pandemic when most companies started shifting to remote working.
To reduce the chances of falling into these threats, reinforcing sound cybersecurity practices is necessary. Here’s a list of the basic do’s and don’ts to ensure that you and your staff are working from home safely.
Don’t: Use public networks
Remote working gives your employees the freedom to decide whether they work at home, in a coffee shop or at a hotel. While this offers a different level of convenience to your staff, it may put your business at risk. Publis networks are inherently less secure compared to private networks. Although most public networks require passwords to log in, there are no firewalls to keep you safe against possible attacks.
One common problem that occurs in a public place is the existence of rogue hotspots. These are Wi-Fi access points set up by attacks that mimic legitimate hotspots provided by businesses such as coffee shops. Rogue hotspots act as a middleman between you and the real network. This allows attackers to see all the information and the credentials you use.
Do: Ask your employees to use a VPN
VPNs are one of the most essential cybersecurity tools. Although work-from-home employees can opt to use their VPNs, it’s still best to ask them to use a business VPN that can act as a proxy to the internet. Additionally, ask them not to use cheaper or free VPNs to avoid fake ones that might end up jeopardising your data.
Don’t: Use personal devices
Using personal computers for work purposes can be really tempting because it’s more convenient than using separate devices. However, doing so can lead to serious complications that can put you and your company at risk. More often than not, personal computers lack cybersecurity tools present in business devices such as antivirus software, firewalls and automatic backup tools.
Do: Use separate work devices
The number of successful cyberattacks has skyrocketed especially during the pandemic. One reason for this is that most cybercriminals are aware that not all businesses have been able to fully implement a sound cybersecurity strategy. The first step towards a more secure work-from-home setup is separating personal and work devices.
Don’t: Share critical information on messaging apps
Similar to using your personal devices for work purposes, the use of your personal profiles such as your Facebook Messenger account for communicating with your colleagues or your clients is not a great idea. Not only is it unprofessional, it can also put your business at risk. Communication platforms such as Slack are a better and safer option for business communication and team collaboration.
Do: Encrypt your devices
Data found on work devices are vulnerable to cyberattacks. Whether critical information is stored on laptops, smartphones or removable devices, any data can be easily accessed by cybercriminals once the device has been stolen. Encrypting your devices can be of great help in this matter. Encryption offers an efficient way to protect your data from misutilisation. This can help ensure that no matter how a stolen device is booted, the attacker can’t access the files stored in it without the decryption key.
Don’t: Neglect employee training on cybersecurity
Businesses regardless of size and industry will always be the target of cybercriminals. In fact, Cybersecurity Ventures, the world’s leading researcher that covers the global cyber economy, predicted that there will be a new attack every 2 seconds as perpetrators progressively work on their malicious acts. That being said, companies should learn not to neglect employee training on cybersecurity but instead invest on it to help employees understand what their actions could bring.
Do: Learn about scams and phishing attacks
Even the best VPNs, firewalls and antivirus couldn’t protect your business once an employee fell victim to a phishing attack. The best thing you can do is train your employees to recognise early signs of phishing attacks. Giving them proper information about the latest threat intelligence and attack methods can help eliminate risky behavior and at the same time instill proper cybersecurity practices.
Keep your business and your employees safe against cyberattacks. Learn more about Bevootech’s End-to-End CyberDefence. For more details, contact us at +65 8687 8143 or send us an email at sales@bevootech.com
Detect and remediate in real-time against cyber attacks with comprehensive Security-as-a-Service CyberSecurity solution.
Grants available for eligible Singapore SMEs.