Cyber Security – The Real Consideration For Remote Working

We all know, the shift to remote working was sudden and necessary for business not to come to a complete halt. With such rapid and widespread adoption, it brought unforeseen benefits to both companies and employees, but, it also brought some issues with it as well.

A year in, and with some form of remote working looking like it’s here to stay, it’s time to look at how we can address one of the biggest issues that it brings with it – Cyber Security and the added risk to company data, proprietary information, and even finances.

We have seen in the past year, with a number of high-profile hacks, that the quick introduction of working from home dramatically increased the need for better security systems, protocols, and staff education.

Thankfully, the security industry has adapted very well to our new requirements and the overall increase in demand. But, for those still catching up or who have yet to make the decisions on how their employees will be working in the future, what can we do to help improve remote working security and protect our companies’ sensitive information?

As readers may know from previous articles, we have been advocates of flex work: providing employees with more flexibility both in terms of where and when they work (something we have encouraged from the inception of Foundations Executive Search), but it does require some additional protocols and more thought from those who wish to take advantage of this new way of working to ensure that it doesn’t compromise the company in any way.

For many, in the tech sector especially, it's well known that the individual can unintentionally be as big of a risk to security as direct attacks on the tech itself, so, we have put together a few points that you, as a company leader can implement to help ensure that your company is mitigating any risks:

• Teach employees to avoid risky online behaviour, at least on their work computers. This includes no personal email on their work computers.

• Provide remote employees with company computers pre-loaded with all the necessary security software to get them off their family networks and personal devices, where infection risks are higher. During the Covid crisis, organized crime and nation-state hackers have been targeting children of Chief Execs, installing malware in the kids’ computers and “pivoting” on the home networks to gain access to the CEOs’ unsecured devices.

• Require employees to quickly apply updates, including security patches, to their operating systems and software as soon as they’re available. This can be a big issue as many people ignore notifications asking them to install the latest updates. If they don’t update their software within the prescribed amount of time (say fortnightly), their access to company portals (including email) and other company programs should be restricted. Patching is considered basic security hygiene. Equifax is a good example – they didn’t do this and it’s the reason they were hacked.

• Upgrade end-point protection (EPS) software to endpoint detection and response (EDR) software – effectively “anti-virus software on steroids” that both protects computers from malware and automatically notifies the IT department when it’s detected, so they can make sure other employees aren’t impacted and the problem can be dealt with swiftly.

• Make sure employees understand the “vishing” threat (voice-based-phishing) – This has become ever more present while we are all working from home and internal communications are being done over the phone. Companies need employees to verify who they’re talking to – especially if they claim to be from the IT department. Embrace video calls.

• Invest in technical expertise. As with any area of your business – you bring in the best talent to fulfil your needs – this could be through permanent employment or a reputable specialist consultant. And for those that may gawp at the cost, this may have, compared to the savings from a reduction in office space or the implications of a data breach – having a seasoned cybersecurity professional on your side makes a lot of sense and is well worth the expense. 

If organisations listen to experts and adopt new principles, remote work post-Covid will be even more secure than it was pre-Covid, when cyber concerns were hardly even on the working-from-home radar.

There will of course always be some scenarios and specific jobs, where work simply can’t or shouldn’t be done from home – especially where large amounts of highly sensitive information is being handled such as financial trading information, account numbers, and M&A information – some work will need to take place at a secure location with the proper infrastructure, because even with proper training and state-of-the-art malware, spyware, and virus-protection it’s impossible to completely safeguard against security breaches. 

But, with even large financial businesses like Nationwide (the UK’s biggest building society) announcing that over 13,000 of their staff can “work anywhere”, remote and hybrid work is here to stay.

It is up to business to continue to adapt – be smart and look to new solutions to minimise the risks, and really make the most of the numerous benefits this new way of working can offer.