Guide to homeworking cybersecurity

Posted by

Jill Headford

Partner and Solicitor

Having staff working remotely has presented significant challenges for many businesses. However, one of the most difficult to address is the increased cybersecurity risk. Many companies did not have sufficient time to prepare for the transition to homeworking, and therefore may not have identified potential cybersecurity issues. Moreover, it is now much harder to monitor staff and ensure they are following safe practices.

Cyber criminals have wasted no time in exploiting these weaknesses, and businesses are encountering threats regularly. Here we look at the cybersecurity risks that homeworking may present to your business and, most importantly, how you can mitigate them.

What are the most common cybersecurity risks?

Homeworking raises numerous cybersecurity risks, and it is more important than ever for businesses to recognise these. Some of the most common risks include:

Human Error - Data protection is a serious concern for businesses with homeworkers. An alarmingly high number of employees who work with sensitive company data do not take adequate steps to destroy documents. This could be as simple as as avoiding disposing of them in outside bins where anyone might access them. Likewise, unwittingly downloading contaminated files or software can infect devices with dangerous malware, including viruses, spyware and ransomware, and leave data vulnerable. This is a particular risk if employees use a personal computer for work since there is a greater chance of exposure.

Phishing attacks - Phishing attacks try to trick people into downloading malware or revealing sensitive information, like passwords. They often take the form of phishing emails, text messages or phone calls, appearing to be from well-known organisations that their victim is likely to recognise. Without proper awareness of the risks of phishing, employees can easily fall foul of these schemes.
Targeted attacks - Whilst phishing attacks are usually mass campaigns sent in the hopes of obtaining personal information, some might target your business directly. These attacks are often referred to as spear phishing as they are tailored to catch your employees. For instance, workers could receive emails allegedly from the company’s administration, asking them to reset their password. Or even WhatsApp messages claiming to be from the CEO.

How do I minimise the risks to my business?

There are many simple steps that you can take to protect your business from cybersecurity risks:

Provide employees with a dedicated work laptop - Giving employees a work laptop makes it less likely that they will visit risky websites on the same device that holds their work data. Doing this also means that you can appropriate malware protection installed.
Set up a remote access VPN (Virtual Private Network) for employees to use - A VPN creates encrypted connections between remote computers and your company servers, ensuring privacy and security.
Educate your staff - Having a keen awareness of cybersecurity risks and potential cyber attacks will help your employees guard against threats. Giving them proper guidance on how to dispose of sensitive data, create strong passwords and recognise phishing attacks. Make sure they know who to reach out to for help and encourage them to do so.
Test your backup - Check that you will be able to recover data if your business is exposed to a threat.
Conduct regular cybersecurity risk assessments - Threats are constantly evolving, and it is crucial to keep on top of them. Frequently reviewing your business’s vulnerabilities will help you stay one step ahead.